Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-14042Out of bound read in in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto, SnEPSS 0.2%CVE-2019-10625Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, SnEPSS 0.2%CVE-2018-3564In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before securityEPSS 0.2%CVE-2020-11162u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in SnapdragoEPSS 0.2%CVE-2022-33289MEDIUMImproper validation of array index in ModemEPSS 0.2%CVE-2017-8276Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDEPSS 0.2%CVE-2021-35109MEDIUMPossible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon ConnectiEPSS 0.2%CVE-2019-14053When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to EPSS 0.2%CVE-2019-14043Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdragon ComputeEPSS 0.2%CVE-2020-11131u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in SnaEPSS 0.2%CVE-2019-10623Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in EPSS 0.2%CVE-2019-14038Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in SnaEPSS 0.2%CVE-2017-15823In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not pEPSS 0.2%CVE-2019-14101Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected EPSS 0.2%CVE-2019-14039Out of bound read in adm call back function due to incorrect boundary check for payload in command response in Snapdragon Auto, Snapdragon CEPSS 0.2%CVE-2020-11121u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, SnaEPSS 0.2%CVE-2021-35074HIGHPossible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, SEPSS 0.2%CVE-2019-10545Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer ElectronEPSS 0.2%CVE-2019-10616Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, EPSS 0.2%CVE-2021-1940HIGHUse after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,EPSS 0.2%