Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-1890HIGHImproper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, SEPSS 0.2%CVE-2018-5844In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases froEPSS 0.2%CVE-2018-3576improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android relEPSS 0.2%CVE-2017-18070In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_nEPSS 0.2%CVE-2018-3571In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After FEPSS 0.2%CVE-2018-3572While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all AndEPSS 0.2%CVE-2018-3581In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overEPSS 0.2%CVE-2018-5847Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, FiEPSS 0.2%CVE-2020-11260An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon MobileEPSS 0.2%CVE-2024-33060HIGHUse After Free in DSP ServiceEPSS 0.2%CVE-2025-47392HIGHInteger Overflow or Wraparound in GPSEPSS 0.2%CVE-2017-15842Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android forEPSS 0.2%CVE-2021-1959HIGHPossible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapdrEPSS 0.2%CVE-2018-5854A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF usiEPSS 0.2%CVE-2018-5896In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-0EPSS 0.2%CVE-2018-3582Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (AndroidEPSS 0.2%CVE-2017-15854The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_evEPSS 0.2%CVE-2021-35102HIGHPossible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, SnapdrEPSS 0.2%CVE-2022-22072HIGHBuffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2021-1915HIGHBuffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%