Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-15851Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android rEPSS 0.2%CVE-2018-5843In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using thEPSS 0.2%CVE-2018-5899In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-0EPSS 0.2%CVE-2018-5851Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releEPSS 0.2%CVE-2018-5842An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (AnEPSS 0.2%CVE-2021-30327HIGHBuffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, SnapdragoEPSS 0.2%CVE-2017-15844In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function foEPSS 0.2%CVE-2018-11987In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alEPSS 0.2%CVE-2018-11846The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SDEPSS 0.2%CVE-2017-8245In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload sEPSS 0.2%CVE-2019-10575Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon CEPSS 0.2%CVE-2017-14893While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller EPSS 0.2%CVE-2021-1886HIGHIncorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon CompEPSS 0.2%CVE-2020-3626Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.2%CVE-2018-5895Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packeEPSS 0.2%CVE-2017-14872While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in AndroiEPSS 0.2%CVE-2022-40540HIGHBuffer copy without checking the size of input in Linux KernelEPSS 0.2%CVE-2021-1888HIGHMemory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, EPSS 0.2%CVE-2021-1924CRITICALInformation disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, EPSS 0.2%CVE-2022-22068HIGHkernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, SnapdrEPSS 0.2%