Yichang Lin
kernel buffer overflow. patch ID 4845
07/06/2021 9:38 PM
post121505
I got this alert email today.
Does QNX have any evaluation or side-effect check results for patch ID 4845?
This issue seems serious. We are considering applying the patch to our product.
Thanks.
===
Please review this alert for important information about potential security vulnerabilities present in some BlackBerry®
QNX® products.
Issue Description
A defect was found in the parameter processing of posix_spawn() and posix_spawnp() functions that could allow a
malicious program to cause a kernel buffer overflow.
Products Affected
This issue exists in:
• BlackBerry QNX SDP 6.6.0 and earlier versions
• QNX OS for Safety versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
• QNX OS for Medical versions 1.1 and earlier safety products compliant with IEC 62304
Issue Impact
This vulnerability could allow a malicious user-space program to trigger a buffer overflow within the kernel leading to
denial of service and possibly code execution.