Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10620Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapdragon ConsEPSS 0.2%CVE-2020-3610Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount EPSS 0.2%CVE-2021-35103HIGHPossible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon AEPSS 0.2%CVE-2018-11281In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RUEPSS 0.2%CVE-2019-10608Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows userEPSS 0.2%CVE-2020-11120u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffEPSS 0.2%CVE-2020-3636u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto, SnapdraEPSS 0.2%CVE-2020-3622u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL terEPSS 0.2%CVE-2020-11133u'Possible out of bound array write in rxdco cal utility due to lack of array bound check' in Snapdragon Compute, Snapdragon Consumer IOT, SEPSS 0.2%CVE-2019-2295Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.2%CVE-2020-3648u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.2%CVE-2019-14077Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, SnapdEPSS 0.2%CVE-2020-3630Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon ConEPSS 0.2%CVE-2017-15855In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2019-14094Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, EPSS 0.2%CVE-2019-14078Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, SEPSS 0.2%CVE-2019-2338Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in EPSS 0.2%CVE-2020-3635Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.2%CVE-2021-35105HIGHPossible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon EPSS 0.2%CVE-2019-10547When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, SnapdraEPSS 0.2%