Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-2272Buffer overflow can occur in display function due to lack of validation of header block size set by user. in Snapdragon Auto, Snapdragon ConEPSS 0.2%CVE-2018-11297In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In EPSS 0.2%CVE-2018-13912Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon ConEPSS 0.2%CVE-2018-11842In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver EPSS 0.2%CVE-2018-11259Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-baEPSS 0.2%CVE-2018-11280In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space therEPSS 0.2%CVE-2020-11289HIGHOut of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2020-11288HIGHOut of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, SEPSS 0.2%CVE-2019-2298Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.2%CVE-2019-2343Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kerneEPSS 0.2%CVE-2019-2238Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leadEPSS 0.2%CVE-2018-11257Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versionsEPSS 0.2%CVE-2018-11947The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer ElectrEPSS 0.2%CVE-2018-13901Due to missing permissions in Android Manifest file, Sensitive information disclosure issue can happen in PCI RCS app in Snapdragon Auto, SnEPSS 0.2%CVE-2019-2263Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, SnEPSS 0.2%CVE-2019-10495Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2018-11899While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, SEPSS 0.2%CVE-2020-3680A race condition can occur when using the fastrpc memory mapping API. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, SnapdEPSS 0.2%CVE-2015-9218In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 20EPSS 0.2%CVE-2019-2243Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure. in Snapdragon Auto,EPSS 0.2%