Forum Topic - kernel buffer overflow. patch ID 4845: (1 Item)
   
kernel buffer overflow. patch ID 4845  
I got this alert email today.

Does QNX have any evaluation or side-effect check results for patch ID 4845?
This issue seems serious. We are considering applying the patch to our product.

Thanks.

===
Please review this alert for important information about potential security vulnerabilities present in some BlackBerry® QNX® products.
 
Issue Description
A defect was found in the parameter processing of posix_spawn() and posix_spawnp() functions that could allow a 
malicious program to cause a kernel buffer overflow.
 
Products Affected
This issue exists in:
• BlackBerry QNX SDP 6.6.0 and earlier versions
• QNX OS for Safety versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
• QNX OS for Medical versions 1.1 and earlier safety products compliant with IEC 62304

Issue Impact
This vulnerability could allow a malicious user-space program to trigger a buffer overflow within the kernel leading to 
denial of service and possibly code execution.