Cyber Resilience

CVE-2021-22156

Critical

Published: 17 August 2021

Published
17 August 2021
Modified
22 August 2025
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0089 75.9th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-22156 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Blackberry Qnx Software Development Platform. Its CVSS base score is 9.0 (Critical).

Operationally, ranked in the top 24.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1…

more

and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

blackberry
qnx software development platform
6.5.0 · ≤ 6.5.0
blackberry
qnx os for medical
≤ 1.1.1
blackberry
qnx os for safety
≤ 1.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References