Skip to main content

Qnx Software Development Platform CVE-2019-8998

HIGH
Improper Resource Locking (CWE-413)
2019-07-12 secure@blackberry.com
7.8
CVSS 3.1 · Vendor: blackberry
Share

Severity by source

Vendor (blackberry) PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (blackberry) · only source for this CVE.

CVSS VectorVendor: blackberry

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 12, 2019 - 16:15 cve.org
HIGH 7.8

DescriptionCVE.org

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.

AnalysisAI

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s). Rated high severity (CVSS 7.8).

Technical ContextAI

This vulnerability is classified under CWE-413. An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. Affected products include: Blackberry Qnx Software Development Platform.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-2687 HIGH POC
7.8 Jul 12

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2)

CVE-2013-2688 MEDIUM POC
5.4 Jul 12

Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform al

CVE-2025-2474 CRITICAL
9.8 Jun 10

A security vulnerability in the PCX image codec in QNX SDP (CVSS 9.8) that allows an unauthenticated attacker. Critical

CVE-2021-32024 CRITICAL
9.8 Dec 13

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an

CVE-2021-22156 CRITICAL
9.8 Aug 17

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry®

CVE-2020-6932 CRITICAL
9.8 Aug 12

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Softwa

CVE-2017-3891 CRITICAL
9.6 Nov 14

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default conf

CVE-2024-35213 CRITICAL
9.0 Jun 11

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an

CVE-2026-4017 HIGH
7.4 Jul 14

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a s

CVE-2023-32701 HIGH
7.1 Nov 14

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to pot

CVE-2026-4018 MEDIUM
6.4 Jul 14

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local acce

CVE-2026-0515 MEDIUM
6.2 Jul 14

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a cra

Share

CVE-2019-8998 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy