An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

CVE-2021-22156

Ensure that only ports and protocols used by the application using the RTOS are accessible, blocking all others.

Follow network segmentation, vulnerability scanning, and intrusion detection best practices appropriate for use of the QNX product in your cybersecurity environment to prevent malicious or unauthorized access to vulnerable devices.

Ensure that only ports and protocols used by the application using the RTOS are accessible, blocking all others.
Follow network segmentation, vulnerability scanning, and intrusion detection best practices appropriate for use of the QNX product in your cybersecurity environment to prevent malicious or unauthorized access to vulnerable devices.

Mitigations for QNX-2021-001 Vulnerability 

The updates listed above are now available through the QNX Download Center here:
6.5.0SP1 https://www.qnx.com/download/feature.html?programid=59649
QNX OS for Safety 1.0.2 https://www.qnx.com/download/group.html?programid=27165
QNX OS for Medical 1.1.1 https://www.qnx.com/download/group.html?programid=26463
BlackBerry QNX recommends that all affected QNX SDP, QNX OS for Safety, and QNX OS for Medical customers update their QNX products at their earliest convenience.

To access these links, you must be logged in to your myQNX account.

If you have received updates through a services engagement or are not sure whether this advisory applies to your specific BlackBerry QNX products, please contact your BlackBerry QNX
support representative for assistance.
Entities who use the vulnerable product for a purpose which is regulated by law for safety or security should follow all relevant safety or security guidance from regulatory agencies as to the secure configuration of their device.

The updates listed above are now available through the QNX Download Center here:
6.5.0SP1 <a href="https://www.qnx.com/download/feature.html?programid=59649">https://www.qnx.com/download/feature.html?programid=59649</a>
QNX OS for Safety 1.0.2 <a href="https://www.qnx.com/download/group.html?programid=27165">https://www.qnx.com/download/group.html?programid=27165</a>
QNX OS for Medical 1.1.1 <a href="https://www.qnx.com/download/group.html?programid=26463">https://www.qnx.com/download/group.html?programid=26463</a>
BlackBerry QNX recommends that all affected QNX SDP, QNX OS for Safety, and QNX OS for Medical customers update their QNX products at their earliest convenience.
To access these links, you must be logged in to your myQNX account.
If you have received updates through a services engagement or are not sure whether this advisory applies to your specific BlackBerry QNX products, please contact your BlackBerry QNX
support representative for assistance.
Entities who use the vulnerable product for a purpose which is regulated by law for safety or security should follow all relevant safety or security guidance from regulatory agencies as to the secure configuration of their device.

Software Update(s) for QNX-2021-001 Vulnerability 

Featured CVEs

Feed of the featured CVEs from Vulcan Remedy Cloud.

Vulcan Remedy Cloud - Featured CVEs

Thank you for downloading from Remedy Cloud!

Please fill out the form to download the CSV

Your Script is On It's Way!

Tell us where to send the script

Your Email Was Successfully Sent!

Email

Your Name

Your fix has been sent successfully!

Suggest a Fix

Search for a CVE below to see all the available fixes

Remedy Cloud

Loading - Vulcan Remedy Cloud

The page you are looking for was moved, removed, renamed or might never existed.

CVE-2021-22156

2 fixes found:

Workaround

Mitigations for QNX-2021-001 Vulnerability

Workaround

Software Update(s) for QNX-2021-001 Vulnerability