CVE-2026-4018
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| BlackBerry Ltd | QNX Software Development Platform | 7.1 | affected |
| BlackBerry Ltd | QNX Software Development Platform | cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:* | affected |
| BlackBerry Ltd | QNX Software Development Platform | 7.0 | affected |
| BlackBerry Ltd | QNX Software Development Platform | cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:* | affected |
| BlackBerry Ltd | QNX OS for Safety | 2.2.8 and earlier | affected |
| BlackBerry Ltd | QNX OS for Safety | cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:8:*:*:*:*:*:* | affected |
| BlackBerry Ltd | QNX OS for Safety | 2.1.5 and earlier | affected |
| BlackBerry Ltd | QNX OS for Safety | cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:5:*:*:*:*:*:* | affected |
| BlackBerry Ltd | QNX OS for Safety | 2.0.3 and earlier | affected |
| BlackBerry Ltd | QNX OS for Safety | cpe:2.3:o:blackberry:qnx_os_for_safety:2.0:3:*:*:*:*:*:* | affected |
| BlackBerry Ltd. | QNX OS for Medical | 2.0.2 and earlier | affected |
| BlackBerry Ltd. | QNX OS for Medical | cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:2:*:*:*:*:*:* | affected |
Weaknesses
- CWE-367: CWE-367 Time-of-check time-of-use (TOCTOU) race condition
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.