Buffer Overflow in QNX Neutrino Kernel by BlackBerry
CVE-2026-4017

7.4HIGH

What is CVE-2026-4017?

A significant buffer overflow vulnerability exists in the entry handler of the TraceEvent() system call in the QNX Neutrino kernel. This flaw permits an attacker with local access to exploit the system, potentially leading to unauthorized information disclosure, tampering of data, or a complete crash of the kernel. Addressing this vulnerability is essential for maintaining system integrity and preventing exploitation.

Affected Version(s)

QNX OS for Medical 2.0.2 and earlier

QNX OS for Medical cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:2:*:*:*:*:*:*

QNX OS for Safety 2.2.8 and earlier

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.