NULL Pointer Dereference in IP Socket Options Processing Could Lead to Denial-of-Service
CVE-2024-35215

6.2MEDIUM

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (sdp)
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-35215?

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.

Affected Version(s)

QNX Software Development Platform (SDP) 7.1 and 7.0

References

https://support.blackberry.com/pkb/s/article/140162

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
May 13, 2024

Blackberry

What is CVE-2024-35215?

Affected Version(s)

References

CVSS V3.1

Timeline