Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-32025

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.

Published

2022-03-10T17:42:14.083

Last Modified

2024-11-21T06:06:44.353

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	blackberry	qnx_momentics	6.3.0	Yes
Application	blackberry	qnx_momentics	6.3.2	Yes
Application	blackberry	qnx_software_development_platform	≤ 7.0	Yes
Operating System	blackberry	qnx_os_for_medical	< 1.1.2	Yes
Operating System	blackberry	qnx_os_for_medical	2.0.0	Yes
Operating System	blackberry	qnx_os_for_safety	< 1.0.3	Yes
Operating System	blackberry	qnx_os_for_safety	< 2.0.2	Yes

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 Patch, Vendor Advisory ([email protected])
http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)