Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-1889HIGHPossible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,EPSS 0.2%CVE-2022-22079MEDIUMBuffer Over-read in BOOTEPSS 0.2%CVE-2018-3570In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_foEPSS 0.2%CVE-2018-5842An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (AnEPSS 0.2%CVE-2018-5851Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releEPSS 0.2%CVE-2017-8245In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload sEPSS 0.2%CVE-2017-15844In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function foEPSS 0.2%CVE-2019-10575Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon CEPSS 0.2%CVE-2018-11846The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SDEPSS 0.2%CVE-2018-11987In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alEPSS 0.2%CVE-2021-30327HIGHBuffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, SnapdragoEPSS 0.2%CVE-2022-22068HIGHkernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, SnapdrEPSS 0.2%CVE-2021-1886HIGHIncorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon CompEPSS 0.2%CVE-2018-5895Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packeEPSS 0.2%CVE-2017-14893While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller EPSS 0.2%CVE-2021-1888HIGHMemory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, EPSS 0.2%CVE-2017-14872While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in AndroiEPSS 0.2%CVE-2020-3626Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.2%CVE-2021-1890HIGHImproper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, SEPSS 0.2%CVE-2022-40540HIGHBuffer copy without checking the size of input in Linux KernelEPSS 0.2%