Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-11032In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur whenEPSS 0.1%CVE-2023-28568MEDIUMBuffer Over-read in WLAN HALEPSS 0.1%CVE-2017-9710In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI EPSS 0.1%CVE-2021-35084MEDIUMPossible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.1%CVE-2017-11072In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPEPSS 0.1%CVE-2017-9721In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a bufferEPSS 0.1%CVE-2018-5853A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD AndroiEPSS 0.1%CVE-2020-11298HIGHWhile waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HEPSS 0.1%CVE-2017-11085In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading EPSS 0.1%CVE-2017-11029In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers EPSS 0.1%CVE-2017-11081In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer EPSS 0.1%CVE-2017-9719In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, aEPSS 0.1%CVE-2017-11080In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user suppEPSS 0.1%CVE-2020-11220While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific timEPSS 0.1%CVE-2020-11230Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address EPSS 0.1%CVE-2024-23351HIGHImproper Access Control in Graphics LinuxEPSS 0.1%CVE-2023-28586MEDIUMImproper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OSEPSS 0.1%CVE-2021-1967MEDIUMPossible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN Match evenEPSS 0.1%CVE-2021-1939HIGHNull pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon EPSS 0.1%CVE-2021-30279HIGHPossible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, SnapdEPSS 0.1%