BadAlloc Vuln Affects Devices Using Older BlackBerry QNX Products

  /     /     /  
Publicated : 23/11/2024   Category : security

BadAlloc Vuln Affects Devices Using Older BlackBerry QNX Products


CISA warns organizations with devices running affected QNX-based systems to immediately apply mitigations to protect them.


BlackBerry has disclosed its QNX Real Time Operating System (RTOS) is affected by BadAlloc vulnerability CVE-2021-22156, which if exploited could allow an attacker to perform a denial-of-service or execute malicious code on target devices, the Cybersecurity and Infrastructure Security Agency (CISA) says in an advisory.
BadAlloc is a series of critical memory allocation vulnerabilities affecting Internet of Things and operational technology devices that Microsoft
disclosed
earlier this year. At the time, CISA published a list of vendors affected by the vulnerability; now BlackBerry products are on its list.
BlackBerry, long known for making smartphones, has in recent years become a provider of software for industrial machinery. Its BlackBerry QNX is used in embedded systems across a range of industries, including automotive, medical devices, heavy machinery, commercial vehicles, industrial controls, aerospace and defense, robotics, and rail systems.
In an advisory published today, BlackBerry says the vulnerability exists in the
calloc()
function of the C runtime library in affected versions of the BlackBerry QNX software development platform (SDP) version 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier.
To exploit the vulnerability, an attacker must have control over the parameters to a
calloc()
function call, as well as the ability to control what memory is accessed after the allocation. They would also need network access, and, to be successful, the target devices would need to have a vulnerable service running and exposed.
Read the full
CISA advisory
and
BlackBerry release
for more details and mitigations.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
BadAlloc Vuln Affects Devices Using Older BlackBerry QNX Products