Qnx Os For Safety
Monthly
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.
Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.
Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.