Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2022-22072HIGHBuffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2020-11165Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in SEPSS 0.2%CVE-2018-11304Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overfloEPSS 0.2%CVE-2021-30295HIGHPossible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, SnapdEPSS 0.2%CVE-2021-1915HIGHBuffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2020-11253Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivEPSS 0.2%CVE-2020-11204Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters thEPSS 0.2%CVE-2018-5828In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2020-3619u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory corruption' iEPSS 0.2%CVE-2017-15820In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can poteEPSS 0.2%CVE-2020-11195Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in SnapEPSS 0.2%CVE-2020-11177User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in SnapdEPSS 0.2%CVE-2018-5898Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in AEPSS 0.2%CVE-2020-11194Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon AutEPSS 0.2%CVE-2020-11187Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, SnapdragEPSS 0.2%CVE-2017-17767In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component EPSS 0.2%CVE-2020-11223Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2018-3579In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_enEPSS 0.2%CVE-2020-11271Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnEPSS 0.2%CVE-2017-17771In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.EPSS 0.2%