Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2020-11252HIGHTrustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, SnapdrEPSS 0.2%CVE-2019-2297Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics ConEPSS 0.2%CVE-2021-35089HIGHPossible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon AutoEPSS 0.2%CVE-2019-10502Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, SEPSS 0.2%CVE-2021-35074HIGHPossible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, SEPSS 0.2%CVE-2019-10566Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in SnapdragEPSS 0.2%CVE-2019-10555Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2021-35075HIGHPossible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, EPSS 0.2%CVE-2018-3587In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android)EPSS 0.2%CVE-2020-3696u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking securitEPSS 0.2%CVE-2019-10483Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2018-11301In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length wEPSS 0.2%CVE-2019-10626Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon AutEPSS 0.2%CVE-2020-3620u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to EPSS 0.2%CVE-2019-10523Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon ConEPSS 0.2%CVE-2020-11125u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon AuEPSS 0.2%CVE-2019-14067Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue. iEPSS 0.2%CVE-2018-11276In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocationEPSS 0.2%CVE-2020-11174u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, SnapdragonEPSS 0.2%CVE-2019-14092System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon MoEPSS 0.2%