CVE-2025-8090 - Vulnerability Details - OpenCVE

A null pointer dereference vulnerability in the MsgRegisterEvent() system call of the QNX Neutrino Kernel in QNX SDP 7.1 and 7.0, and QNX OS for Safety 2.2, 2.1 and 2.0 could potentially allow an attacker with local access and code execution abilities, to crash the QNX Neutrino kernel.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.blackberry.com/pkb/s/article/141027

History

Tue, 13 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A null pointer dereference vulnerability in the MsgRegisterEvent() system call of the QNX Neutrino Kernel in QNX SDP 7.1 and 7.0, and QNX OS for Safety 2.2, 2.1 and 2.0 could potentially allow an attacker with local access and code execution abilities, to crash the QNX Neutrino kernel.
Title		Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety
Weaknesses		CWE-476
References		https://support.blackberry.com/pkb/s/article/141027
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2026-01-13T16:36:21.061Z

Updated: 2026-01-13T18:57:38.781Z

Reserved: 2025-07-23T15:38:00.519Z

Link: CVE-2025-8090

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-13T17:15:59.320

Modified: 2026-01-13T17:15:59.320

Link: CVE-2025-8090

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8090", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2025-07-23T15:38:00.519Z", "datePublished": "2026-01-13T16:36:21.061Z", "dateUpdated": "2026-01-13T18:57:38.781Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QNX Software Development Platform", "vendor": "BlackBerry Ltd", "versions": [{"status": "affected", "version": "7.1 and 7.0", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*", "versionType": "cpe"}]}, {"defaultStatus": "unaffected", "product": "QNX OS for Safety", "vendor": "BlackBerry Ltd", "versions": [{"status": "affected", "version": "2.2.7 and earlier", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:7:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "2.1.4 and earlier", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:4:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "2.0.2 and earlier", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.0:2:*:*:*:*:*:*", "versionType": "cpe"}]}, {"defaultStatus": "unaffected", "product": "QNX OS for Medical", "vendor": "BlackBerry Ltd.", "versions": [{"status": "affected", "version": "2.0.1 and earlier", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:1:*:*:*:*:*:*", "versionType": "cpe"}]}], "datePublic": "2026-01-13T16:25:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel."}], "value": "Null pointer dereference in the MsgRegisterEvent() system call could allow\u00a0an attacker with local access and code execution abilities to crash the\u00a0QNX Neutrino kernel."}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2026-01-13T18:57:38.781Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://support.blackberry.com/pkb/s/article/141027"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}