Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10617Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registEPSS 0.2%CVE-2020-11129u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-afEPSS 0.2%CVE-2019-14071Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secureEPSS 0.2%CVE-2017-15835In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data DesEPSS 0.2%CVE-2020-3617u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads EPSS 0.2%CVE-2019-2251If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overfEPSS 0.2%CVE-2020-3642Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy ofEPSS 0.2%CVE-2019-2274Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics CEPSS 0.2%CVE-2019-10605Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in SnapdragEPSS 0.2%CVE-2019-10536Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on EPSS 0.2%CVE-2025-47326HIGHBuffer Over-read in WLAN HALEPSS 0.2%CVE-2019-10600Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in SnapdrEPSS 0.2%CVE-2018-5903Out of bounds read occurs due to improper validation of array while processing VDEV stop response from WLAN firmware in Snapdragon Auto, SnaEPSS 0.2%CVE-2019-10480Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon AutoEPSS 0.2%CVE-2019-14055Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in SnaEPSS 0.2%CVE-2019-10595Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in SnapdrEPSS 0.2%CVE-2019-10601Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon EPSS 0.2%CVE-2019-10603Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in SnapdEPSS 0.2%CVE-2019-10607Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in SnapdragoEPSS 0.2%CVE-2020-3665A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of raEPSS 0.2%