QNX Neutrino Kernel Null Pointer Dereference Vulnerability Allowing Local Denial-of-Service
Vulnerability
A null pointer dereference vulnerability has been identified in the QNX Neutrino kernel, specifically within the MsgRegisterEvent() system call. This vulnerability affects QNX Software Development Platform (SDP) versions 7.1 and 7.0, as well as several versions of QNX OS for Safety and QNX OS for Medical. An attacker with local access and the ability to execute arbitrary code could exploit this vulnerability to cause a kernel crash.
Impact
Exploitation of this vulnerability could lead to a crash of the QNX Neutrino kernel, causing a denial-of-service condition on the affected system.
Remediation
Users can update to QNX SDP 7.1 (version 1.4.0.03103T202511050950L and later), QNX SDP 7.0 (version 7.0.7190.L202510140904 and later), QNX OS for Safety 2.2.8 (version 2.2.8.00068T202509031701S and later), QNX OS for Safety 2.1.5 (version 2.1.4346.S202506270916 and later), or QNX OS for Safety 2.0.3 / QNX OS for Medical 2.0.2 (version 2.0.653.S202510082024 and later).
