Vulnerabilidades en Qualcomm, Inc.

2945 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-1963MEDIUMPossible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, SEPSS 0.1%CVE-2021-35121MEDIUMAn array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon CEPSS 0.1%CVE-2019-10492Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 21EPSS 0.1%CVE-2020-11293MEDIUMOut of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in SnEPSS 0.1%CVE-2021-1923HIGHIncorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon ComEPSS 0.1%CVE-2017-15861In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is recEPSS 0.1%CVE-2021-35120MEDIUMImproper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, SnapEPSS 0.1%CVE-2025-47402MEDIUMBuffer Over-read in WLAN FirmwareEPSS 0.1%CVE-2021-1891HIGHA possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon ComputEPSS 0.1%CVE-2021-35118MEDIUMAn out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon ConEPSS 0.1%CVE-2021-1929MEDIUMLack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnEPSS 0.1%CVE-2020-11160Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in SnapdragEPSS 0.1%CVE-2017-15862In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number EPSS 0.1%CVE-2021-35098MEDIUMImproper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.1%CVE-2020-11203Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, SnapEPSS 0.1%CVE-2021-35092MEDIUMProcessing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto,EPSS 0.1%CVE-2021-1957MEDIUMImproper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in SnapdrEPSS 0.1%CVE-2021-30259HIGHPossible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectEPSS 0.1%CVE-2021-1973HIGHA FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapdraEPSS 0.1%CVE-2026-21381HIGHBuffer Over-read in WLAN FirmwareEPSS 0.1%