Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-11867Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile EPSS 0.3%CVE-2018-11882Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA6EPSS 0.3%CVE-2022-22067HIGHPotential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, SnapdraEPSS 0.3%CVE-2018-11856Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SEPSS 0.3%CVE-2017-18313Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSSEPSS 0.3%CVE-2023-43551CRITICALImproper Authentication in Multi-Mode Call ProcessorEPSS 0.3%CVE-2024-21452HIGHImproper Input Validation in Automotive TelematicsEPSS 0.3%CVE-2018-13905KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon ConsumerEPSS 0.3%CVE-2018-13900Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon CoEPSS 0.3%CVE-2017-18292Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile andEPSS 0.3%CVE-2017-18299Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and SEPSS 0.3%CVE-2024-49838HIGHBuffer Over-read in WLAN HOSTEPSS 0.3%CVE-2024-38426MEDIUMImproper Authentication in ModemEPSS 0.2%CVE-2018-11938Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, SnapdragoEPSS 0.2%CVE-2021-35093MEDIUMPossible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCEPSS 0.2%CVE-2018-11994SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile aEPSS 0.2%CVE-2025-21488HIGHBuffer Over-read in Data Network Stack & ConnectivityEPSS 0.2%CVE-2019-10567There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could alEPSS 0.2%CVE-2018-11874Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SDEPSS 0.2%CVE-2017-18300Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in SnapdragEPSS 0.2%