Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-11265In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while iEPSS 0.2%CVE-2019-14023String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminatedEPSS 0.2%CVE-2020-11234HIGHWhen sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting iEPSS 0.2%CVE-2019-14049Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in SnapdEPSS 0.2%CVE-2019-14085Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.2%CVE-2019-14024Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MEPSS 0.2%CVE-2019-14046Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, SnaEPSS 0.2%CVE-2019-14051Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow EPSS 0.2%CVE-2018-11886In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating EPSS 0.2%CVE-2019-14050Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. in Snapdragon Auto, SnEPSS 0.2%CVE-2019-14036Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer EEPSS 0.2%CVE-2019-14027Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Connectivity,EPSS 0.2%CVE-2018-11888Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2019-14015A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates proviEPSS 0.2%CVE-2019-14026Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.2%CVE-2019-10569Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, SnapEPSS 0.2%CVE-2018-3595Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, EPSS 0.2%CVE-2020-11175u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to impropEPSS 0.2%CVE-2018-5827In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2020-3632u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSMEPSS 0.2%