BadAlloc vulnerability affects BlackBerry QNX Real Time Operating System
BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156, with a CVSS score of 9. BadAlloc is a collection of 25 vulnerabilities affecting multiple RTOSs and supporting libraries of critical infrastructure organizations and other organizations developing, maintaining, supporting, or using affected QNX-based systems.
A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices. BlackBerry QNX RTOS is used in a wide range of products whose compromise could result in a malicious actor gaining control of highly sensitive systems, possibly leading to increased risk of damage to infrastructure or critical functions.