Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-3565While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MEPSS 0.4%CVE-2018-3580Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releasesEPSS 0.4%CVE-2017-8273In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feaEPSS 0.4%CVE-2024-33064HIGHBuffer Over-read in WLAN Host CommunicationEPSS 0.4%CVE-2023-21659HIGHBuffer Over-read in WLAN FirmwareEPSS 0.4%CVE-2022-40538HIGHReachable assertion in ModemEPSS 0.4%CVE-2022-25710HIGHDenial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon IndustriEPSS 0.4%CVE-2022-33237HIGHTransient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.4%CVE-2022-22060HIGHReachable Assertion in ModemEPSS 0.4%CVE-2023-21661HIGHBuffer Over-read in WLAN FirmwareEPSS 0.4%CVE-2022-33236HIGHTransient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon ConnectEPSS 0.4%CVE-2022-40504HIGHReachable assertion in ModemEPSS 0.4%CVE-2022-33299HIGHNull pointer dereference in Bluetooth HOSTEPSS 0.4%CVE-2022-33285HIGHBuffer over-read in WLANEPSS 0.4%CVE-2022-33286HIGHBuffer over-read in WLANEPSS 0.4%CVE-2023-21658HIGHBuffer Over-Read in WLAN FirmwareEPSS 0.4%CVE-2022-33290HIGHNull pointer dereference in Bluetooth HOSTEPSS 0.4%CVE-2022-33239HIGHTransient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, SnapdragEPSS 0.4%CVE-2022-25741HIGHDenial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon CompuEPSS 0.4%CVE-2022-40508HIGHReachable assertion in ModemEPSS 0.4%