Elevation of Privilege Vulnerability in QNX Software Development Platform by BlackBerry
CVE-2021-32025

7.8HIGH

Key Information:

Vendor: Blackberry
Status: Qnx software Development Platform (sdp), Qnx Os For Medical (qosm), And Qnx Os For Safety (qos)
Vendor: CVE Published:; 10 March 2022

What is CVE-2021-32025?

An elevation of privilege vulnerability exists in the QNX Neutrino Kernel, impacting various versions of the QNX Software Development Platform, Momentics, and OS for Safety and Medical. This security flaw could enable an attacker to gain unauthorized access to sensitive data, alter system behavior, or lead to a permanent system crash, compromising the integrity and functionality of affected devices.

Affected Version(s)

QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) QNX SDP 6.4.0 to 7.0

QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) QNX Momentics all 6.3.x versions

QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2022
Vulnerability Reserved
May 3, 2021

Blackberry

What is CVE-2021-32025?

Affected Version(s)

References

CVSS V3.1

Timeline