Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10513Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2021-35075HIGHPossible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, EPSS 0.2%CVE-2018-11962In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap whilEPSS 0.2%CVE-2020-11132u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2018-5893While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM,EPSS 0.2%CVE-2020-11304HIGHPossible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapEPSS 0.2%CVE-2020-11267HIGHStack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, EPSS 0.2%CVE-2017-18277When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memoEPSS 0.2%CVE-2018-12014In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerabEPSS 0.2%CVE-2017-14888In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the hosEPSS 0.2%CVE-2019-14116Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during theEPSS 0.2%CVE-2017-18330Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear EPSS 0.2%CVE-2017-18312While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking ofEPSS 0.2%CVE-2020-11186Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in SnapdrEPSS 0.2%CVE-2018-13889In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after itEPSS 0.2%CVE-2020-11306HIGHPossible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.2%CVE-2017-15828In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in EPSS 0.2%CVE-2020-3664Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2020-11282Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPUEPSS 0.2%CVE-2021-35106HIGHPossible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivitEPSS 0.2%