CVE-2026-4017
HIGH
7.4
CVSS 3.1
Description
Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Metadata
Severity & Metrics
7.4
HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (3)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| BlackBerry Ltd | QNX OS for Safety | — | 2.2.8 and earlier, cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:8:*:*:*:*:*:*, 2.1.5 and earlier, cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:5:*:*:*:*:*:* … |
| BlackBerry Ltd | QNX Software Development Platform | — | 7.1, cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*, 7.0, cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:* |
| BlackBerry Ltd. | QNX OS for Medical | — | 2.0.2 and earlier, cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:2:*:*:*:*:*:* |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-121 | cna | CWE-121 Stack-based buffer overflow |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.4 | HIGH | 3.1 | cna | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (1)