Forum Topic - kernel buffer overflow. patch ID 4845: (1 Item)
   
kernel buffer overflow. patch ID 4845  
I got this alert email today.

Does QNX have any evaluation or side-effect check results for patch ID 4845?
This issue seems serious. We are considering applying the patch to our product.

Thanks.

===
Please review this alert for important information about potential security vulnerabilities present in some BlackBerry® QNX® products.
 
Issue Description
A defect was found in the parameter processing of posix_spawn() and posix_spawnp() functions that could allow a malicious program to cause a kernel buffer overflow.
 
Products Affected
This issue exists in:
•	BlackBerry QNX SDP 6.6.0 and earlier versions
•	QNX OS for Safety versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
•	QNX OS for Medical versions 1.1 and earlier safety products compliant with IEC 62304

Issue Impact
This vulnerability could allow a malicious user-space program to trigger a buffer overflow within the kernel leading to denial of service and possibly code execution.