Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-2277Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, SnapdraEPSS 0.2%CVE-2025-27029HIGHBuffer Over-read in WLAN HALEPSS 0.2%CVE-2018-11939Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon IndustrEPSS 0.2%CVE-2018-11924Improper buffer length validation in WLAN function can lead to a potential integer oveflow issue in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.2%CVE-2020-3676Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, SnapdragoEPSS 0.2%CVE-2019-2293Pointer dereference while freeing IFE resources due to lack of length check of in port resource. in Snapdragon Consumer IOT, Snapdragon InduEPSS 0.2%CVE-2025-21454HIGHBuffer Over-read in WLAN Embedded SWEPSS 0.2%CVE-2017-9692When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD AndrEPSS 0.2%CVE-2019-2299An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon CoEPSS 0.2%CVE-2025-21463HIGHBuffer Over-read in WLAN Host CommunicationEPSS 0.2%CVE-2019-10621Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, EPSS 0.2%CVE-2019-2290Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, SnapdragoEPSS 0.2%CVE-2019-2312When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received in SnapdraEPSS 0.2%CVE-2020-11164u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in SnapdragoEPSS 0.2%CVE-2018-11929Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon IndustEPSS 0.2%CVE-2019-2248Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2018-11923Improper buffer length check before copying can lead to integer overflow and then a buffer overflow in WMA event handler in Snapdragon Auto,EPSS 0.2%CVE-2018-11898In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss requeEPSS 0.2%CVE-2019-14081Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, SnapEPSS 0.2%CVE-2018-11836In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead tEPSS 0.2%