BadAlloc Vuln Affects Devices Using Older BlackBerry QNX Products

Published : 23/11/2024   Category : security




CISA warns organizations with devices running affected QNX-based systems to immediately apply mitigations to protect them.



BlackBerry has disclosed its QNX Real Time Operating System (RTOS) is affected by BadAlloc vulnerability CVE-2021-22156, which if exploited could allow an attacker to perform a denial-of-service or execute malicious code on target devices, the Cybersecurity and Infrastructure Security Agency (CISA) says in an advisory.
BadAlloc is a series of critical memory allocation vulnerabilities affecting Internet of Things and operational technology devices that Microsoft disclosed earlier this year. At the time, CISA published a list of vendors affected by the vulnerability; now BlackBerry products are on its list.
BlackBerry, long known for making smartphones, has in recent years become a provider of software for industrial machinery. Its BlackBerry QNX is used in embedded systems across a range of industries, including automotive, medical devices, heavy machinery, commercial vehicles, industrial controls, aerospace and defense, robotics, and rail systems.
In an advisory published today, BlackBerry says the vulnerability exists in the calloc() function of the C runtime library in affected versions of the BlackBerry QNX software development platform (SDP) version 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier.
To exploit the vulnerability, an attacker must have control over the parameters to a calloc() function call, as well as the ability to control what memory is accessed after the allocation. They would also need network access, and, to be successful, the target devices would need to have a vulnerable service running and exposed.
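
As an added example (not code from BlackBerry, CISA or the original article): CVE-2021-22156 is an integer overflow in calloc(), so a service can validate the element count and size itself before the allocator is reached instead of trusting the C library to do it. The 8-byte header layout, the 1 MiB cap and all function names below are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ALLOC_BYTES ((size_t)1 << 20)   /* assumed policy cap: 1 MiB */

/* Allocate nmemb * size zeroed bytes, refusing any request whose product
 * wraps around size_t or exceeds the cap. The check runs before calloc()
 * is reached, so it does not rely on the C library catching the overflow. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return NULL;                     /* empty tables are rejected here */
    if (nmemb > SIZE_MAX / size)
        return NULL;                     /* nmemb * size would overflow */
    if (nmemb * size > MAX_ALLOC_BYTES)
        return NULL;                     /* implausibly large request */
    return calloc(nmemb, size);
}

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8  | (uint32_t)p[3];
}

/* Constructed header: 4-byte big-endian record count, then 4-byte big-endian
 * record size, both untrusted. Stores the table's byte length in *out_bytes. */
void *alloc_table_from_header(const uint8_t hdr[8], size_t *out_bytes)
{
    size_t count = be32(hdr), rec_size = be32(hdr + 4);
    void *table = checked_calloc(count, rec_size);
    *out_bytes = table ? count * rec_size : 0;
    return table;
}

int main(void)
{
    const uint8_t ok[8]  = {0, 0, 0, 16, 0, 0, 0, 4};   /* constructed: 16 x 4 bytes */
    const uint8_t bad[8] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    size_t n;
    void *t = alloc_table_from_header(ok, &n);
    printf("valid header:   %s (%zu bytes)\n", t ? "allocated" : "rejected", n);
    free(t);
    t = alloc_table_from_header(bad, &n);
    printf("hostile header: %s\n", t ? "allocated" : "rejected");
    free(t);
    return 0;
}
```
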
Read the full CISA advisory and BlackBerry release for more details and mitigations.
