Back to overview

CVE-2026-4017

HIGH
7.4
CVSS 3.1
Description
Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Metadata

CVE ID
CVE-2026-4017
State
PUBLISHED
Assigner
blackberry
Reserved
2026-03-11 19:20 UTC
Published
2026-07-14 17:25 UTC
Last updated
2026-07-14 17:25 UTC
Primary CWE
CWE-121
CWE-121 Stack-based buffer overflow
Vendor / Product
BlackBerry Ltd / QNX Software Development Platform
Sources
cve.org  ·  NVD

Severity & Metrics

7.4 HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (3)
VendorProductPlatformVersions
BlackBerry Ltd QNX OS for Safety 2.2.8 and earlier, cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:8:*:*:*:*:*:*, 2.1.5 and earlier, cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:5:*:*:*:*:*:* …
BlackBerry Ltd QNX Software Development Platform 7.1, cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*, 7.0, cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*
BlackBerry Ltd. QNX OS for Medical 2.0.2 and earlier, cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:2:*:*:*:*:*:*
Weakness (CWE)
CWESourceDescription
CWE-121 cna CWE-121 Stack-based buffer overflow
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.4 HIGH 3.1 cna CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview