Skip to main content

Qualcomm

Vendor security scorecard – 2 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 10
2
CVEs
1
Critical
0
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.2%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
0
MEDIUM
0
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-53046 Denial-of-service (NULL-pointer dereference / use-after-free) in the Linux kernel's in-kernel SMB3 server (ksmbd) affects systems that offload SMB3 message encryption to asynchronous hardware crypto engines such as the Qualcomm Crypto Engine (QCE). ksmbd_crypt_message() installs a NULL completion callback and misinterprets the -EINPROGRESS return from async AEAD requests as a fatal error, freeing the request while the hardware DMA is still running so the later qce_skcipher_done() callback dereferences freed memory and crashes the kernel. There is no public exploit identified at time of analysis, it is not in CISA KEV, and EPSS is low (0.18%, 8th percentile), consistent with the narrow hardware/configuration prerequisites despite the NVD CVSS of 9.8. CRITICAL 9.8 0.2% 49
CVE-2026-53339 In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() On all modern platfo – 0.2% 0

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy