CVE-2019-8998

EUVD-2019-18385
An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
blackberryCNA
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
blackberryqnx_software_development_platform
𝑥
≤ 6.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000057178
http://support.blackberry.com/kb/articleDetail?articleNumber=000057178