Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in the CISA KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The appearance of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2019-14068: Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer (EPSS 0.2%)
CVE-2024-53019 [HIGH]: Buffer Over-read in Data Network Stack & Connectivity (EPSS 0.2%)
CVE-2025-21427 [HIGH]: Buffer Over-read in Data HLOS - LNX (EPSS 0.2%)
CVE-2018-11860: In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow cou (EPSS 0.2%)
CVE-2019-10481: Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in (EPSS 0.2%)
CVE-2024-53020 [HIGH]: Buffer Over-read in Data Network Stack & Connectivity (EPSS 0.2%)
CVE-2018-11851: In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received (EPSS 0.2%)
CVE-2019-14034: Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Comp (EPSS 0.2%)
CVE-2019-10585: Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free (EPSS 0.2%)
CVE-2018-11298: In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_L (EPSS 0.2%)
CVE-2020-11245 [HIGH]: Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compu (EPSS 0.2%)
CVE-2020-11237 [HIGH]: Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon (EPSS 0.2%)
CVE-2019-2321: Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdr (EPSS 0.2%)
CVE-2019-10582: Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Sn (EPSS 0.2%)
CVE-2019-14028: Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit (EPSS 0.2%)
CVE-2019-2288: Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdr (EPSS 0.2%)
CVE-2019-14000: Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and potent (EPSS 0.2%)
CVE-2024-53021 [HIGH]: Buffer Over-read in Data Network Stack & Connectivity (EPSS 0.2%)
CVE-2019-14029: Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon (EPSS 0.2%)
CVE-2019-14030: The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check (EPSS 0.2%)