Vulnerabilidades en Qualcomm, Inc.

2945 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-1909HIGHBuffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon EPSS 0.2%CVE-2017-15852Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.EPSS 0.2%CVE-2021-35070MEDIUMRPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon IndEPSS 0.2%CVE-2017-14897In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMEPSS 0.2%CVE-2021-30338HIGHImproper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon ComputeEPSS 0.2%CVE-2022-22090HIGHMemory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, EPSS 0.2%CVE-2023-33017HIGHBuffer Copy Without Checking Size of Input in BootEPSS 0.2%CVE-2023-33079HIGHUse of Out-of-range Pointer Offset in AudioEPSS 0.2%CVE-2021-30308HIGHPossible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, SnapdEPSS 0.2%CVE-2021-30258HIGHPossible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.2%CVE-2021-30289HIGHPossible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon CompuEPSS 0.2%CVE-2020-11286An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories EPSS 0.2%CVE-2021-1983HIGHPossible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, SEPSS 0.2%CVE-2021-1984HIGHPossible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute,EPSS 0.2%CVE-2023-28587HIGHImproper Restriction of Operations within the Bounds of a Memory Buffer in BT ControllerEPSS 0.2%CVE-2021-35110HIGHPossible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon MobilEPSS 0.2%CVE-2023-33087HIGHBuffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in CoreEPSS 0.2%CVE-2021-30288HIGHPossible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon CEPSS 0.2%CVE-2021-30261HIGHPossible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in SEPSS 0.2%CVE-2018-11951Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in versEPSS 0.2%