Vulnerabilidades en Qualcomm, Inc.

2945 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2024-23373HIGHUse After Free in GraphicsEPSS 0.1%CVE-2021-1912HIGHPossible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon ComEPSS 0.1%CVE-2026-21381HIGHBuffer Over-read in WLAN FirmwareEPSS 0.1%CVE-2021-30267HIGHPossible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.1%CVE-2017-18169User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OSEPSS 0.1%CVE-2021-1942CRITICALImproper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon EPSS 0.1%CVE-2021-35095HIGHImproper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register EPSS 0.1%CVE-2017-8244In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_bEPSS 0.1%CVE-2021-30260HIGHPossible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuratEPSS 0.1%CVE-2020-11294MEDIUMOut of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, SEPSS 0.1%CVE-2021-1930MEDIUMPossible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectEPSS 0.1%CVE-2017-14873In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() gEPSS 0.1%CVE-2021-30285CRITICALImproper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon CEPSS 0.1%CVE-2024-38408HIGHCryptographic Issues in BT ControllerEPSS 0.1%CVE-2021-1966MEDIUMPossible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute,EPSS 0.1%CVE-2021-1985HIGHPossible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon CEPSS 0.1%CVE-2021-30306HIGHPossible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon ConnectiviEPSS 0.1%CVE-2021-30318HIGHImproper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, SnapdragonEPSS 0.1%CVE-2021-30262HIGHImproper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, EPSS 0.1%CVE-2020-11161Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon AEPSS 0.1%