CVE-2025-8090

Summary

Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.

Affected Software

VendorProductVersion RangeStatus
BlackBerry LtdQNX Software Development Platform7.1 and 7.0affected
BlackBerry LtdQNX Software Development Platformcpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*affected
BlackBerry LtdQNX Software Development Platformcpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*affected
BlackBerry LtdQNX OS for Safety2.2.7 and earlieraffected
BlackBerry LtdQNX OS for Safetycpe:2.3:o:blackberry:qnx_os_for_safety:2.2:7:*:*:*:*:*:*affected
BlackBerry LtdQNX OS for Safety2.1.4 and earlieraffected
BlackBerry LtdQNX OS for Safetycpe:2.3:o:blackberry:qnx_os_for_safety:2.1:4:*:*:*:*:*:*affected
BlackBerry LtdQNX OS for Safety2.0.2 and earlieraffected
BlackBerry LtdQNX OS for Safetycpe:2.3:o:blackberry:qnx_os_for_safety:2.0:2:*:*:*:*:*:*affected
BlackBerry Ltd.QNX OS for Medical2.0.1 and earlieraffected
BlackBerry Ltd.QNX OS for Medicalcpe:2.3:o:blackberry:qnx_os_for_medical:2.0:1:*:*:*:*:*:*affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References