BadAlloc Vulnerability Affecting Devices Incorporating Older BlackBerry QNX Products

Original release date: August 17, 2021

CISA released an Alert today on devices incorporating older versions of multiple BlackBerry QNX products affected by a BadAlloc vulnerability. A malicious actor could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. 

Because devices incorporating older versions of BlackBerry QNX products support critical infrastructure and national critical functions, CISA is strongly urging all organizations whose devices use affected QNX-based systems to immediately apply the mitigations provided in CISA Alert AA21-229A and Blackberry Advisory QNX-2021-001.

This product is provided subject to this Notification and this Privacy & Use policy.