Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-11026In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partitionEPSS 0.1%CVE-2019-14119u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory coEPSS 0.1%CVE-2021-1935HIGHPossible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon ComputEPSS 0.1%CVE-2019-14072Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bEPSS 0.1%CVE-2023-28574CRITICALImproper Input Validation in CoreEPSS 0.1%CVE-2022-33219CRITICALInteger Overflow to Buffer Overflow in AutomotiveEPSS 0.1%CVE-2020-11254MEDIUMMemory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto,EPSS 0.1%CVE-2021-35101HIGHImproper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, EPSS 0.1%CVE-2021-35119MEDIUMPotential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, SnapdraEPSS 0.1%CVE-2021-35071MEDIUMPossible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service iEPSS 0.1%CVE-2020-11233Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without valiEPSS 0.1%CVE-2020-11152Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects inEPSS 0.1%CVE-2022-40539HIGHImproper Validation of Array Index in Automotive Android OSEPSS 0.1%CVE-2017-15856Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases frEPSS 0.1%CVE-2020-11151Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon AEPSS 0.1%CVE-2018-5860In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structuEPSS 0.1%CVE-2022-33218HIGHImproper Input Validation in AutomotiveEPSS 0.1%CVE-2024-49848MEDIUMUse After Free in DSP ServiceEPSS 0.1%CVE-2017-9691There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debuEPSS 0.1%CVE-2019-2345Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon InEPSS 0.1%