Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the catalog's overall average, indicating that the risk of confirmed exploitation does not depart from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive, or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in the KEV requires immediate attention in any inventory of affected assets. The appearance of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the manufacturer.

CVE-2021-35118 (MEDIUM, EPSS 0.1%): An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Con
CVE-2021-35092 (MEDIUM, EPSS 0.1%): Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto,
CVE-2021-1923 (HIGH, EPSS 0.1%): Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Com
CVE-2017-15862 (EPSS 0.1%): In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number
CVE-2021-35121 (MEDIUM, EPSS 0.1%): An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon C
CVE-2025-47342 (HIGH, EPSS 0.1%): Use After Free in BT Controller
CVE-2025-47402 (MEDIUM, EPSS 0.1%): Buffer Over-read in WLAN Firmware
CVE-2021-35098 (MEDIUM, EPSS 0.1%): Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Co
CVE-2019-10492 (EPSS 0.1%): Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 21
CVE-2021-35120 (MEDIUM, EPSS 0.1%): Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snap
CVE-2021-1891 (HIGH, EPSS 0.1%): A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Comput
CVE-2021-1929 (MEDIUM, EPSS 0.1%): Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sn
CVE-2017-15861 (EPSS 0.1%): In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is rec
CVE-2020-11160 (EPSS 0.1%): Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdrag
CVE-2020-11293 (MEDIUM, EPSS 0.1%): Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Sn
CVE-2020-11203 (EPSS 0.1%): Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snap
CVE-2021-30259 (HIGH, EPSS 0.1%): Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connect
CVE-2024-23373 (HIGH, EPSS 0.1%): Use After Free in Graphics
CVE-2021-1973 (HIGH, EPSS 0.1%): A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdra
CVE-2019-14001 (EPSS 0.1%): Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT