Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2020-11161Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon AEPSS 0.1%CVE-2020-11295MEDIUMUse after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, SnapdragEPSS 0.1%CVE-2021-30305HIGHPossible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, SEPSS 0.1%CVE-2021-30306HIGHPossible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon ConnectiviEPSS 0.1%CVE-2021-30325MEDIUMPossible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon CompuEPSS 0.1%CVE-2021-30324MEDIUMPossible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in SnapEPSS 0.1%CVE-2021-30264MEDIUMPossible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon ConnectivEPSS 0.1%CVE-2021-30309HIGHImproper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon IndustriaEPSS 0.1%CVE-2024-21464HIGHBuffer Copy Without Checking Size of Input in Data Network Stack & ConnectivityEPSS 0.1%CVE-2021-30278HIGHImproper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, EPSS 0.1%CVE-2021-30265MEDIUMPossible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statEPSS 0.1%CVE-2021-30314MEDIUMLack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon CompuEPSS 0.1%CVE-2021-30298MEDIUMPossible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interfaEPSS 0.1%CVE-2021-30263MEDIUMPossible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in SnapdragonEPSS 0.1%CVE-2018-11984In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and anEPSS 0.1%CVE-2018-11983In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while acEPSS 0.1%CVE-2023-33053HIGHImproper Validation of Array Index in KernelEPSS 0.1%CVE-2018-11986In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX anEPSS 0.1%CVE-2023-33074HIGHUse After Free in AudioEPSS 0.1%CVE-2021-1899MEDIUMPossible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, SnapEPSS 0.1%