Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm has a substantial volume of vulnerabilities, reflecting the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in the CISA KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in the KEV catalog demands immediate attention in any inventory of affected assets. The emergence of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2017-8262: In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race conditi (EPSS 0.3%)
CVE-2017-14894: In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security p (EPSS 0.3%)
CVE-2023-28555 [HIGH]: Buffer Over-read in Audio (EPSS 0.3%)
CVE-2017-14890: In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security p (EPSS 0.3%)
CVE-2018-5821: In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security p (EPSS 0.3%)
CVE-2017-15836: In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security p (EPSS 0.3%)
CVE-2016-10297: In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potenti (EPSS 0.3%)
CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with (EPSS 0.3%)
CVE-2017-7370: In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free c (EPSS 0.3%)
CVE-2017-11022: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originate (EPSS 0.3%)
CVE-2017-14905: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially (EPSS 0.3%)
CVE-2017-14903: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACT (EPSS 0.3%)
CVE-2023-33040 [HIGH]: Buffer Over-read in Data Modem (EPSS 0.3%)
CVE-2023-33109 [HIGH]: NULL Pointer Dereference in WLAN Firmware (EPSS 0.3%)
CVE-2023-33080 [HIGH]: Buffer over-read in WLAN Firmware (EPSS 0.3%)
CVE-2023-33062 [HIGH]: Buffer Over-read in WLAN Firmware (EPSS 0.3%)
CVE-2017-11076 [HIGH]: Use of Out-of-range Pointer Offset in Video (EPSS 0.3%)
CVE-2017-17772 [HIGH]: Multiple buffer overread vulnerabilities in WLAN (EPSS 0.3%)
CVE-2024-33073 [HIGH]: Buffer Over-read in WLAN Host Communication (EPSS 0.3%)
CVE-2022-25667 [HIGH]: Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking (EPSS 0.3%)