Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-2250Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, EPSS 0.2%CVE-2020-11148Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggEPSS 0.2%CVE-2018-11826In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overfloEPSS 0.2%CVE-2020-11183A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in EPSS 0.2%CVE-2018-11857Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850EPSS 0.2%CVE-2025-47328HIGHBuffer Over-read in WLAN HALEPSS 0.2%CVE-2018-11950Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850EPSS 0.2%CVE-2020-11150Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of poinEPSS 0.2%CVE-2019-10618Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCEPSS 0.2%CVE-2019-2346Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon CompuEPSS 0.2%CVE-2017-18311XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration portEPSS 0.2%CVE-2018-5913A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute,EPSS 0.2%CVE-2018-13910Out-of-Bounds access in TZ due to invalid index calculated to check against DDR in Snapdragon Auto, Snapdragon Connectivity, Snapdragon ConsEPSS 0.2%CVE-2018-3588There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon EPSS 0.2%CVE-2018-11824A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SDEPSS 0.2%CVE-2018-5835If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android EPSS 0.2%CVE-2020-11146Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon CompEPSS 0.2%CVE-2020-3674Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, SnapdrEPSS 0.2%CVE-2018-11855If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in SnapdEPSS 0.2%CVE-2019-2261Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, SEPSS 0.2%