BadAlloc Flaw Impacts Many Systems Running BlackBerry’s QNX Embedded OS
Publicly disclosed in April, BadAlloc is a collection of 25 vulnerabilities impacting many Internet of Things (IoT) and operational technology (OT) devices. The flaws can allow malicious attackers to gain control of highly sensitive systems.

The issue affects C standard library (libc) implementations, real-time operating systems (RTOS), and embedded software development kits (SDKs), and could be exploited to execute arbitrary code or cause systems to crash.

On Tuesday, BlackBerry revealed that the QNX RTOS is affected by a BadAlloc vulnerability tracked as CVE-2021-22156 (CVSS score of 9.0). The flaw, an integer overflow bug, impacts the C runtime library present in various BlackBerry QNX products.
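To show the bug class behind the advisory, here is a constructed C illustration of an integer overflow in allocation-size arithmetic (the BadAlloc pattern) next to the check that prevents it. This is added example code, not BlackBerry's or QNX's C runtime source; the function names and the sample request size are invented for the demonstration.

```c
/* Constructed illustration of the BadAlloc bug class: count * size wraps,
 * so an oversized request turns into a tiny buffer that is later overrun.
 * Not QNX/BlackBerry code; names and values are invented for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: the product silently wraps modulo SIZE_MAX+1. */
size_t naive_alloc_size(size_t count, size_t size) {
    return count * size;
}

/* Checked size computation: refuse any request whose byte count does not
 * fit in size_t. Returns 1 and stores the product in *out, or 0 on overflow. */
int checked_alloc_size(size_t count, size_t size, size_t *out) {
    if (count != 0 && size > SIZE_MAX / count)
        return 0;               /* count * size would wrap: reject */
    *out = count * size;
    return 1;
}

/* Hardened allocator wrapper: only allocate when the arithmetic is sound.
 * Returns NULL on overflow instead of handing back an undersized buffer. */
void *safe_calloc_like(size_t count, size_t size) {
    size_t bytes;
    if (!checked_alloc_size(count, size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void) {
    /* A request that overflows on both 32- and 64-bit size_t. */
    size_t count = SIZE_MAX / 2 + 2;
    size_t bytes = 0;
    printf("naive:   %zu x 2 bytes -> %zu bytes (wrapped)\n",
           count, naive_alloc_size(count, 2));
    printf("checked: %s\n",
           checked_alloc_size(count, 2, &bytes) ? "accepted" : "rejected");
    return 0;
}
```

The naive path reports a 2-byte allocation for a request that should need more than SIZE_MAX bytes; the checked path rejects it before any memory is handed out.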