Vulnerabilites related to BlackBerry - QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)
CVE-2021-32025 (GCVE-0-2021-32025)
Vulnerability from cvelistv5
Published
2022-03-09 20:37
Modified
2025-08-22 15:36
Severity ?
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • Elevation of privilege
  • CWE-368 - Context Switching Race Condition
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
References
Impacted products
Vendor Product Version
BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) Version: QNX SDP 6.4.0 to 7.0
Version: QNX Momentics all 6.3.x versions
Version: QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262
Version: QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262
Version: QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304
Version: QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:28.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
          "vendor": "BlackBerry",
          "versions": [
            {
              "status": "affected",
              "version": "QNX SDP 6.4.0 to 7.0"
            },
            {
              "status": "affected",
              "version": "QNX Momentics all 6.3.x versions"
            },
            {
              "status": "affected",
              "version": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
            },
            {
              "status": "affected",
              "version": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
            },
            {
              "status": "affected",
              "version": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
            },
            {
              "status": "affected",
              "version": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.\u003c/p\u003e"
            }
          ],
          "value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-368",
              "description": "CWE-368 Context Switching Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T15:36:00.384Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@blackberry.com",
          "ID": "CVE-2021-32025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "QNX SDP 6.4.0 to 7.0"
                          },
                          {
                            "version_value": "QNX Momentics all 6.3.x versions"
                          },
                          {
                            "version_value": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
                          },
                          {
                            "version_value": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
                          },
                          {
                            "version_value": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
                          },
                          {
                            "version_value": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868",
              "refsource": "MISC",
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2021-32025",
    "datePublished": "2022-03-09T20:37:56",
    "dateReserved": "2021-05-03T00:00:00",
    "dateUpdated": "2025-08-22T15:36:00.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}