CVE-2021-32025

moderate-risk
Published 2022-03-10

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
LOCAL / HIGH complexity

Affected Products (6)

Qnx Momentics
Qnx Momentics
Qnx Software Development Platform
Qnx Os For Medical
Qnx Os For Medical
Qnx Os For Safety

Affected Vendors

Blackberry

References (2)

Patch http://support.blackberry.com/kb/articleDetail?articleNumber=000090868
Patch http://support.blackberry.com/kb/articleDetail?articleNumber=000090868
34
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 13/34 · Low