Skip to main content

Qnx Os For Safety

4 CVEs product

Monthly

CVE-2026-4018 MEDIUM This Month

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Information Disclosure Qnx Software Development Platform Qnx Os For Safety Qnx Os For Medical
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4017 HIGH This Week

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.

Buffer Overflow Stack Overflow Information Disclosure Qnx Software Development Platform Qnx Os For Safety +1
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-0515 MEDIUM This Month

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.

Denial Of Service Qnx Software Development Platform Qnx Os For Safety Qnx Os For Medical
NVD VulDB
CVSS 3.1
6.2
EPSS
0.1%
CVE-2021-22156 CRITICAL PATCH Act Now

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service RCE Qnx Software Development Platform Qnx Os For Medical +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
EPSS 0% CVSS 6.4
MEDIUM This Month

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Information Disclosure Qnx Software Development Platform Qnx Os For Safety +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.

Buffer Overflow Stack Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.

Denial Of Service Qnx Software Development Platform Qnx Os For Safety +1
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service RCE +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy