Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-30339CRITICALReading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IEPSS 0.2%CVE-2018-5824In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2017-15846In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted EPSS 0.2%CVE-2017-14892In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_opeEPSS 0.2%CVE-2020-11240Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy ofEPSS 0.2%CVE-2019-14089u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a userEPSS 0.2%CVE-2020-11178Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its EPSS 0.2%CVE-2018-5823In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2021-1927HIGHPossible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.2%CVE-2022-22085HIGHMemory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivityEPSS 0.2%CVE-2021-35114HIGHImproper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon AutoEPSS 0.2%CVE-2017-17771In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.EPSS 0.2%CVE-2022-22082HIGHMemory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon CompuEPSS 0.2%CVE-2024-38402HIGHUse After Free in DSP ServicesEPSS 0.2%CVE-2023-33092HIGHBuffer Copy Without Checking Size of Input in Bluetooth HOSTEPSS 0.2%CVE-2021-1917HIGHNull pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,EPSS 0.2%CVE-2021-35129HIGHMemory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon EPSS 0.2%CVE-2023-33022HIGHInteger Overflow to Buffer Overflow in HLOSEPSS 0.2%CVE-2021-35126HIGHMemory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivEPSS 0.2%CVE-2021-35091HIGHPossible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon MEPSS 0.2%