Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-35089HIGHPossible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon AutoEPSS 0.2%CVE-2020-11252HIGHTrustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, SnapdrEPSS 0.2%CVE-2019-10502Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, SEPSS 0.2%CVE-2019-2297Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics ConEPSS 0.2%CVE-2019-10566Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in SnapdragEPSS 0.2%CVE-2019-10555Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2019-10626Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon AutEPSS 0.2%CVE-2020-11174u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, SnapdragonEPSS 0.2%CVE-2020-3620u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to EPSS 0.2%CVE-2020-3696u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking securitEPSS 0.2%CVE-2018-3587In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android)EPSS 0.2%CVE-2019-10483Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2018-11301In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length wEPSS 0.2%CVE-2019-14067Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue. iEPSS 0.2%CVE-2019-14092System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon MoEPSS 0.2%CVE-2019-10523Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon ConEPSS 0.2%CVE-2020-11125u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon AuEPSS 0.2%CVE-2018-11276In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocationEPSS 0.2%CVE-2019-2275While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations aEPSS 0.2%CVE-2021-35108MEDIUMImproper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in SnaEPSS 0.2%