HC3 TLP White Alert: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS - August 18, 2021
Executive Summary
BlackBerry has identified that the following products are affected by an integer overflow vulnerability (CVE-2021-22156, CVSS score 9.0): BlackBerry QNX Software Development Platform (SDP) version 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1.
BlackBerry states there “are no known workarounds for this vulnerability.” CISA recommends applying patches as soon as they are available from BlackBerry. BlackBerry provides mitigations and recommendations to “reduce the possibility of exploitation.”
Report
CISA - Alert (AA21-229A) BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
Impact to HPH Sector
The Healthcare and Public Health Sector is affected by the CVE-2021-22156 vulnerability found in BlackBerry’s QNX OS software. Exploitation of this vulnerability “could lead to a denial-of-service condition or arbitrary code execution in affected devices.”
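As an added illustration of the integer-overflow-in-allocation class that the BadAlloc name covers (example code written for this alert, not code from BlackBerry, QNX, or CISA, and not the actual CVE-2021-22156 code path): a constructed allocator wrapper that multiplies element count by element size without an overflow check, beside a hardened version that rejects the request before any memory is handed out. The record type, sizes and function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 16-byte record type, used only for this illustration. */
typedef struct { uint8_t bytes[16]; } record_t;

/* BadAlloc-style defect (constructed, not QNX code): nmemb * size is
 * computed in size_t with no wraparound check. A huge count wraps to a
 * small byte total, so the caller gets a buffer far smaller than the
 * records it believes it owns, and later writes overrun the heap. */
size_t unchecked_alloc_size(size_t nmemb, size_t size)
{
    return nmemb * size;          /* silently wraps modulo SIZE_MAX + 1 */
}

/* Hardened form: reject the request before any allocation happens.
 * Returns 1 and stores the byte total, or 0 if nmemb * size would not
 * fit in size_t. (__builtin_mul_overflow on GCC/Clang is equivalent;
 * the division test below is portable C.) */
int checked_alloc_size(size_t nmemb, size_t size, size_t *out)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Allocate `count` records; NULL on overflow or allocation failure. */
record_t *alloc_records_hardened(size_t count)
{
    size_t total;
    if (!checked_alloc_size(count, sizeof(record_t), &total))
        return NULL;
    return (record_t *)malloc(total);
}

int main(void)
{
    /* (SIZE_MAX / 16 + 2) * 16 == SIZE_MAX + 17, which wraps to 16 on
     * both 32- and 64-bit targets. */
    size_t count = SIZE_MAX / sizeof(record_t) + 2;
    printf("unchecked byte total for %zu records: %zu\n",
           count, unchecked_alloc_size(count, sizeof(record_t)));
    printf("hardened allocator %s the request\n",
           alloc_records_hardened(count) ? "accepted" : "rejected");
    return 0;
}
```

The same pattern applies to any count-times-size computation that feeds an allocator or a copy length, which is why the vendor fix for this class lands in the C runtime rather than in individual applications.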
References
BlackBerry – QNX-2021-001 Vulnerability in the C Runtime Library Impacts BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical, and QNX OS for Safety
BlackBerry – Update Available for 6.5.0SP1
BlackBerry – Update Available for QNX OS for Safety 1.0.2
BlackBerry – Update Available for QNX OS for Medical 1.1.1
https://www.qnx.com/download/group.html?programid=26463
Contact Information
If you have any additional questions, please contact us at .