Qualcomm

Vendor security scorecard – 3 CVEs in the selected period

Risk: 4
CVEs: 3
Critical: 0
High: 1
KEV: 0
PoC: 0
Unpatched Critical/High: 0
Patch Rate: 100.0%
Avg EPSS: 0.0%

Severity Breakdown

CRITICAL: 0
HIGH: 1
MEDIUM: 1
LOW: 0

Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-43347 | Memory corruption in Linux kernel on Qualcomm Monaco-based ARM64 platforms causes kernel crashes through synchronous external aborts when accessing hypervisor-owned memory incorrectly marked as conventional RAM. The firmware's EFI memory map only reserves 288 KiB of a 512 KiB Gunyah hypervisor metadata region (0x91a80000-0x91afffff), leaving 224 KiB exploitable for triggering fatal aborts. Patches available for stable branches 6.18.24, 6.19.14, and 7.0 series. EPSS exploitation probability is very low (0.02%, 4th percentile) with no known active exploitation or public POC, indicating limited real-world threat despite CVSS 7.5 rating. | HIGH | 7.5 | 0.0% | 38 | |
| CVE-2026-43412 | NULL pointer dereference in the Linux kernel's ASoC QCOM QDSP6 subsystem crashes systems built on Qualcomm SA8775P and SC8280XP SoCs during ADSP protection-domain restart cycles. The crash occurs because the q6apm-audio .remove callback prematurely deletes Runtime Descriptions (RTDs) containing q6apm DAI components during ASoC teardown, leaving those components still linked to the sound card and triggering a kernel oops on the subsequent rebind. Impact is limited to availability (kernel panic/denial of service); no public exploit has been identified at time of analysis, and EPSS at 0.02% reflects very low widespread exploitation probability. | MEDIUM | 5.5 | 0.0% | 28 | |
| CVE-2026-46055 | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.0 | – | | 0.0% | – | |
