Description
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.
References (1)
Core References
Various Sources vendor-advisory
https://support.blackberry.com/pkb/s/article/141027
Scores
CVSS v3: 6.2
EPSS: 0.0012
EPSS Percentile: 1.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-476
Status: published
Products (11)
BlackBerry Ltd/QNX OS for Safety: 2.0.2 and earlier
BlackBerry Ltd/QNX OS for Safety: 2.1.4 and earlier
BlackBerry Ltd/QNX OS for Safety: 2.2.7 and earlier
BlackBerry Ltd/QNX OS for Safety: cpe:2.3:o:blackberry:qnx_os_for_safety:2.0:2:*:*:*:*:*:*
BlackBerry Ltd/QNX OS for Safety: cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:4:*:*:*:*:*:*
BlackBerry Ltd/QNX OS for Safety: cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:7:*:*:*:*:*:*
BlackBerry Ltd/QNX Software Development Platform: 7.1 and 7.0
BlackBerry Ltd/QNX Software Development Platform: cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*
BlackBerry Ltd/QNX Software Development Platform: cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*
BlackBerry Ltd./QNX OS for Medical: 2.0.1 and earlier
... and 1 more
Published: Jan 13, 2026
Tracked Since: Feb 18, 2026