Vulnerabilites related to blackberry - qnx_momentics
Vulnerability from fkie_nvd
Published
2022-03-10 17:42
Modified
2024-11-21 06:06
Severity ?
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics | 6.3.0 | |
| blackberry | qnx_momentics | 6.3.2 | |
| blackberry | qnx_software_development_platform | * | |
| blackberry | qnx_os_for_medical | * | |
| blackberry | qnx_os_for_medical | 2.0.0 | |
| blackberry | qnx_os_for_safety | * | |
| blackberry | qnx_os_for_safety | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC84B1C-6981-4C3D-952E-4F724EFDEF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44452791-7402-44DD-ADB1-2A36310EB365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51E6454-60B6-4913-BCF4-F23C3F1D8722",
"versionEndIncluding": "7.0",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC6F8A4-9440-4D3E-8FE8-B5F0A2BB34A2",
"versionEndExcluding": "1.1.2",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6348483-2214-4B7A-A61A-13813A3BC5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0913E9B4-F15A-4A86-B933-5D237FAA5451",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC0E7C7-275A-4214-8232-725CF8B70EE9",
"versionEndExcluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de elevaci\u00f3n de privilegios en el QNX Neutrino Kernel de las versiones afectadas de QNX Software Development Platform versi\u00f3n(es) 6.4.0 a 7.0, QNX Momentics todas las versiones 6.3.x, QNX OS for Safety versiones 1.0.0 a 1.0. 2, QNX OS for Safety versiones 2.0.0 a 2.0.1, QNX for Medical versiones 1.0.0 a 1.1.1, y QNX OS for Medical versi\u00f3n 2.0.0, podr\u00eda permitir a un atacante acceder potencialmente a los datos, modificar el comportamiento o bloquear permanentemente el sistema"
}
],
"id": "CVE-2021-32025",
"lastModified": "2024-11-21T06:06:44.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:42:14.083",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-07 17:41
Modified
2024-11-21 00:48
Severity ?
Summary
Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D84DF8-481C-4ADC-938A-96C5CC651A32",
"versionEndIncluding": "6.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila para phgrafx en QNX Momentics (alias RTOS) 6.3.2 y anteriores que permiten a los usuarios locales obtener privilegios a trav\u00e9s de un fichero largo .pal del directorio palette/."
}
],
"id": "CVE-2008-3024",
"lastModified": "2024-11-21T00:48:14.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-07T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30808"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3974"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.scanit.net/rd/advisories/adv01"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493816/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30024"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020411"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1996/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.scanit.net/rd/advisories/adv01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493816/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1996/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-3024
Vulnerability from cvelistv5
Published
2008-07-07 17:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.scanit.net/rd/advisories/adv01 | x_refsource_MISC | |
| http://www.securitytracker.com/id?1020411 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/493816/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43542 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1996/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30808 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/30024 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/3974 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scanit.net/rd/advisories/adv01"
},
{
"name": "1020411",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020411"
},
{
"name": "20080701 [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493816/100/0/threaded"
},
{
"name": "momentics-phgrafx-bo(43542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43542"
},
{
"name": "ADV-2008-1996",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1996/references"
},
{
"name": "30808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30808"
},
{
"name": "30024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30024"
},
{
"name": "3974",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scanit.net/rd/advisories/adv01"
},
{
"name": "1020411",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020411"
},
{
"name": "20080701 [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493816/100/0/threaded"
},
{
"name": "momentics-phgrafx-bo(43542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43542"
},
{
"name": "ADV-2008-1996",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1996/references"
},
{
"name": "30808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30808"
},
{
"name": "30024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30024"
},
{
"name": "3974",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scanit.net/rd/advisories/adv01",
"refsource": "MISC",
"url": "http://www.scanit.net/rd/advisories/adv01"
},
{
"name": "1020411",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020411"
},
{
"name": "20080701 [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493816/100/0/threaded"
},
{
"name": "momentics-phgrafx-bo(43542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43542"
},
{
"name": "ADV-2008-1996",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1996/references"
},
{
"name": "30808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30808"
},
{
"name": "30024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30024"
},
{
"name": "3974",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3024",
"datePublished": "2008-07-07T17:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32025
Vulnerability from cvelistv5
Published
2022-03-09 20:37
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) |
Version: QNX SDP 6.4.0 to 7.0 Version: QNX Momentics all 6.3.x versions Version: QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262 Version: QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262 Version: QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304 Version: QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:28.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QNX SDP 6.4.0 to 7.0"
},
{
"status": "affected",
"version": "QNX Momentics all 6.3.x versions"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T20:37:56",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-32025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"version": {
"version_data": [
{
"version_value": "QNX SDP 6.4.0 to 7.0"
},
{
"version_value": "QNX Momentics all 6.3.x versions"
},
{
"version_value": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"version_value": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-32025",
"datePublished": "2022-03-09T20:37:56",
"dateReserved": "2021-05-03T00:00:00",
"dateUpdated": "2024-08-03T23:17:28.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}