Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-30279HIGHPossible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, SnapdEPSS 0.1%CVE-2021-35101HIGHImproper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, EPSS 0.1%CVE-2019-14072Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bEPSS 0.1%CVE-2021-1935HIGHPossible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon ComputEPSS 0.1%CVE-2022-33219CRITICALInteger Overflow to Buffer Overflow in AutomotiveEPSS 0.1%CVE-2019-14119u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory coEPSS 0.1%CVE-2023-28574CRITICALImproper Input Validation in CoreEPSS 0.1%CVE-2020-11254MEDIUMMemory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto,EPSS 0.1%CVE-2021-35071MEDIUMPossible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service iEPSS 0.1%CVE-2021-35119MEDIUMPotential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, SnapdraEPSS 0.1%CVE-2020-11233Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without valiEPSS 0.1%CVE-2017-15856Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases frEPSS 0.1%CVE-2020-11151Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon AEPSS 0.1%CVE-2020-11152Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects inEPSS 0.1%CVE-2022-40539HIGHImproper Validation of Array Index in Automotive Android OSEPSS 0.1%CVE-2018-5860In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structuEPSS 0.1%CVE-2024-49848MEDIUMUse After Free in DSP ServiceEPSS 0.1%CVE-2019-2314Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, SnEPSS 0.1%CVE-2017-9691There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debuEPSS 0.1%CVE-2024-23372HIGHInteger Overflow or Wraparound in GraphicsEPSS 0.1%