Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-10537Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eEPSS 0.2%CVE-2019-14060Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due toEPSS 0.2%CVE-2019-2315While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in EPSS 0.2%CVE-2019-10583Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.2%CVE-2019-2246Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto,EPSS 0.2%CVE-2019-14032Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, SnapdrEPSS 0.2%CVE-2018-11902In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check EPSS 0.2%CVE-2019-10602Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon EPSS 0.2%CVE-2020-11246HIGHA double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.2%CVE-2018-11838Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumeEPSS 0.2%CVE-2019-10558While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in SnapdEPSS 0.2%CVE-2020-11242HIGHUser could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contentEPSS 0.2%CVE-2019-10604Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packetEPSS 0.2%CVE-2019-10548While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in SEPSS 0.2%CVE-2019-2339Out of bound access due to lack of check of whiltelist array size while reading the image elf segments. in Snapdragon Auto, Snapdragon CompuEPSS 0.2%CVE-2017-15825In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, aEPSS 0.2%CVE-2019-2329Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon CompuEPSS 0.2%CVE-2018-11895In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check ValidationEPSS 0.2%CVE-2019-14074u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.2%CVE-2020-11199HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in SnapdragoEPSS 0.2%