CVE-2019-8998 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2019-8998?

CVE-2019-8998 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-8998?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform.

Vulnerability Description

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Blackberry	Qnx Software Development Platform	<= 6.5.0

Related Weaknesses (CWE)

CWE-413

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000057178MitigationPatchVendor Advisory
http://support.blackberry.com/kb/articleDetail?articleNumber=000057178MitigationPatchVendor Advisory

FAQ

What is CVE-2019-8998?

CVE-2019-8998 is a vulnerability with a CVSS score of 7.8 (HIGH). An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5...

How severe is CVE-2019-8998?

CVE-2019-8998 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-8998?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform.