Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-5862In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD AndroEPSS 0.2%CVE-2017-18158Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS EPSS 0.2%CVE-2025-27073HIGHReachable Assertion in WLAN FirmwareEPSS 0.2%CVE-2018-5834In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android EPSS 0.2%CVE-2019-2278User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer EPSS 0.2%CVE-2018-5831In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security paEPSS 0.2%CVE-2018-3567In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2025-27065HIGHBuffer Over-read in WLAN FirmwareEPSS 0.2%CVE-2018-11832In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation beEPSS 0.2%CVE-2025-47318HIGHBuffer Over-read in BT ControllerEPSS 0.2%CVE-2021-35077HIGHPossible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon CompEPSS 0.2%CVE-2025-21477HIGHImproper Input Validation in ModemEPSS 0.2%CVE-2025-21452HIGHReachable Assertion in ModemEPSS 0.2%CVE-2017-15818In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user applicationEPSS 0.2%CVE-2018-11840In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driverEPSS 0.2%CVE-2018-11296In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from EPSS 0.2%CVE-2019-10512Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, SnapdraEPSS 0.2%CVE-2018-13908Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2019-10501Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, SnapdragonEPSS 0.2%CVE-2019-10497Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous oneEPSS 0.2%