Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10513Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2019-10616Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, EPSS 0.2%CVE-2021-1940HIGHUse after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,EPSS 0.2%CVE-2017-18312While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking ofEPSS 0.2%CVE-2020-11186Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in SnapdrEPSS 0.2%CVE-2020-11132u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon EPSS 0.2%CVE-2017-14888In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the hosEPSS 0.2%CVE-2020-11267HIGHStack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, EPSS 0.2%CVE-2018-11962In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap whilEPSS 0.2%CVE-2017-18330Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear EPSS 0.2%CVE-2018-13889In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after itEPSS 0.2%CVE-2020-11306HIGHPossible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.2%CVE-2018-5893While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM,EPSS 0.2%CVE-2017-18277When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memoEPSS 0.2%CVE-2018-12014In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerabEPSS 0.2%CVE-2020-11304HIGHPossible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapEPSS 0.2%CVE-2019-14116Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during theEPSS 0.2%CVE-2020-3664Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2017-15828In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in EPSS 0.2%CVE-2018-13895Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access EPSS 0.2%