Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-30275CRITICALPossible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, SnapdrEPSS 0.2%CVE-2021-30292HIGHPossible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.2%CVE-2021-30276CRITICALImproper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon CompEPSS 0.2%CVE-2021-1947HIGHUse-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity,EPSS 0.2%CVE-2021-30257HIGHPossible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon ConnecEPSS 0.2%CVE-2021-30274HIGHPossible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, SnapdraEPSS 0.2%CVE-2024-23380HIGHUse After Free in GraphicsEPSS 0.2%CVE-2021-30316HIGHPossible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity, SEPSS 0.2%CVE-2021-30335HIGHPossible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon AEPSS 0.2%CVE-2017-15824In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-0EPSS 0.2%CVE-2021-30291HIGHPossible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.2%CVE-2021-30323HIGHImproper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.2%CVE-2021-30337HIGHPossible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, SnEPSS 0.2%CVE-2021-30315HIGHImproper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon AutoEPSS 0.2%CVE-2017-9722In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hEPSS 0.2%CVE-2021-30322HIGHPossible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, SnEPSS 0.2%CVE-2021-30282HIGHPossible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, SnapdragoEPSS 0.2%CVE-2021-30268HIGHPossible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon CoEPSS 0.2%CVE-2024-33016MEDIUMImproper Restriction of Operations within the Bounds of a Memory Buffer in StorageEPSS 0.2%CVE-2019-14091Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%