Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10563Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon AEPSS 0.2%CVE-2020-11210CRITICALPossible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, SnapdragonEPSS 0.2%CVE-2019-10564Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, SnapEPSS 0.2%CVE-2019-2319HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ConsEPSS 0.2%CVE-2019-10503Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer ElectronicEPSS 0.2%CVE-2019-2266Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapdragon ConsEPSS 0.2%CVE-2019-10544Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon AutoEPSS 0.2%CVE-2020-11123u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`EPSS 0.2%CVE-2019-14048Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumerEPSS 0.2%CVE-2020-3624u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in SnapEPSS 0.2%CVE-2019-10517Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsEPSS 0.2%CVE-2019-10624While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 EPSS 0.2%CVE-2019-10518Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon CEPSS 0.2%CVE-2019-10556Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some caEPSS 0.2%CVE-2019-10571Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon CompuEPSS 0.2%CVE-2019-10584Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnEPSS 0.2%CVE-2019-10592Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum modeEPSS 0.2%CVE-2019-14076Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, SnapdEPSS 0.2%CVE-2020-3647u'Potential buffer overflow when accessing npu debugfs node "off"/"log" with large buffer size' in Snapdragon Compute, Snapdragon IndustrialEPSS 0.2%CVE-2019-10498Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.2%