Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2020-11308Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, SnEPSS 0.2%CVE-2021-1956MEDIUMImproper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon CEPSS 0.2%CVE-2021-1960MEDIUMImproper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, SnEPSS 0.2%CVE-2017-8252Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2020-3690u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2018-5891While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. ConsequeEPSS 0.2%CVE-2018-11996When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile andEPSS 0.2%CVE-2018-11267In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SEPSS 0.2%CVE-2015-9217In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 20EPSS 0.2%CVE-2020-3701Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon MobiEPSS 0.2%CVE-2017-18316Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon WeEPSS 0.2%CVE-2017-18315Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600.EPSS 0.2%CVE-2017-18141When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to prEPSS 0.2%CVE-2017-18320QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in EPSS 0.2%CVE-2018-5869Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MEPSS 0.2%CVE-2017-18331Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM96EPSS 0.2%CVE-2019-2306Improper casting of structure while handling the buffer leads to out of bound read in display in Snapdragon Auto, Snapdragon Connectivity, SEPSS 0.2%CVE-2017-18328Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM96EPSS 0.2%CVE-2022-33253HIGHBuffer over-read in WLANEPSS 0.2%CVE-2019-10617Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registEPSS 0.2%