CVE-2019-8998

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
blackberryCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
blackberryqnx_software_development_platform
𝑥
≤ 6.5.0
𝑥
= Vulnerable software versions
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000057178
http://support.blackberry.com/kb/articleDetail?articleNumber=000057178