Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2026-25293CRITICALIncorrect authorization in PLC FWEPSS 0.2%CVE-2018-13927Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in SnaEPSS 0.2%CVE-2020-11257Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and NetworkingEPSS 0.2%CVE-2020-11282Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPUEPSS 0.2%CVE-2020-11259Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and NetworkingEPSS 0.2%CVE-2020-11258Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and NetworkingEPSS 0.2%CVE-2019-2257Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon ConsumerEPSS 0.2%CVE-2021-35106HIGHPossible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivitEPSS 0.2%CVE-2021-35069HIGHImproper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2023-21665HIGHIncorrect Type Conversion or Cast in GraphicsEPSS 0.2%CVE-2023-21666HIGHImproper Release of Memory Before Removing Last Reference (`Memory Leak`) in GraphicsEPSS 0.2%CVE-2019-2240While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in SnEPSS 0.2%CVE-2019-2241While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading toEPSS 0.2%CVE-2019-2237Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequEPSS 0.2%CVE-2023-33014HIGHImproper Input Validation in ServicesEPSS 0.2%CVE-2020-11290Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2020-11256Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and NetworkEPSS 0.2%CVE-2018-5836In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) beforeEPSS 0.2%CVE-2018-11960In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can ocEPSS 0.2%CVE-2018-11963In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to EPSS 0.2%