CVE-2021-22156

9.0 CRITICAL

📋 TL;DR

An integer overflow in the calloc() implementation of the QNX C runtime library (libc). The element count and element size passed to calloc(nmemb, size) are multiplied without checking for wrap-around, so a request built from attacker-influenced values can return a buffer far smaller than the caller expects; the caller's subsequent writes then overrun the heap. Depending on the calling application this yields denial of service or arbitrary code execution. Affects BlackBerry QNX SDP 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier.

💻 Affected Systems

Products:
  • BlackBerry QNX Software Development Platform
  • QNX OS for Medical
  • QNX OS for Safety
Versions: QNX SDP 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, QNX OS for Safety 1.0.1 and earlier
Operating Systems: QNX Neutrino RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Every program that links the affected libc is exposed; the reachable attack surface is any code path that derives a calloc() count or element size from untrusted input (network protocol fields, file headers, IPC messages).

📦 What is this software?

QNX Neutrino is BlackBerry's microkernel real-time operating system for embedded devices, widely deployed in automotive, medical, industrial and rail systems. QNX SDP (Software Development Platform) bundles the OS, toolchain and runtime libraries; QNX OS for Medical and QNX OS for Safety are the safety-certified variants built on the same runtime. The C runtime library (libc) is shared by every user-space process on the device, which is why a flaw in calloc() affects the whole platform.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Heap corruption escalated to arbitrary code execution in the context of the process that called calloc(). On embedded QNX deployments many services run as root, so compromise of one network-facing service can mean complete system compromise.

🟠 Likely Case

Denial of service: the under-sized buffer is overrun, heap metadata or neighbouring objects are corrupted, and the process crashes or misbehaves.

🟢 If Mitigated

Limited impact if affected devices are isolated from untrusted networks and the exposed applications validate and cap size fields before allocating.

🌐 Internet-Facing: HIGH - CVSS 9.0 (critical); any exposed service that sizes an allocation from a protocol field can be driven into the overflow by an unauthenticated remote peer
🏢 Internal Only: HIGH - the same memory corruption is reachable from local processes and from any internal network service that parses untrusted input

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires an application that passes attacker-influenced values to calloc() such that nmemb * size wraps around size_t; the attacker then needs the application to write past the resulting small buffer in a controllable way. The flaw is reached through crafted inputs to such applications, not through libc directly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QNX SDP 6.5.0SP2 and later, QNX OS for Medical 1.2, QNX OS for Safety 1.0.2

Vendor Advisory: https://support.blackberry.com/kb/articleDetail?articleNumber=000082334

Restart Required: Yes

Instructions:

1. Download the patched runtime libraries from BlackBerry support (the vendor advisory lists the patch for each affected product).
2. Replace the affected libc on every target image.
3. Rebuild and redeploy applications that link libc statically; dynamically linked applications pick up the patched shared library once restarted.
4. Restart affected systems.

🔧 Temporary Workarounds

Memory allocation limits

all

Cap every count or length field taken from untrusted input at an application-defined maximum before it reaches an allocator.

Route calloc() calls through a wrapper that rejects any request where nmemb * size would exceed SIZE_MAX, and apply the same check to hand-rolled count * size arithmetic that feeds malloc().
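The wrapper described above, written out as an added example (this is not QNX code and not part of the vendor fix). It shows the unchecked 32-bit multiplication that a vulnerable allocator performs, a drop-in checked_calloc() that refuses wrapped requests, and an application-level cap in front of it. The struct record type, the MAX_RECORDS limit and the alloc_record_table() function are hypothetical, standing in for whatever the exposed application reads from a message header.

```c
/* checked_calloc.c: hardened calloc() wrapper (added example, not QNX code).
 * Build: cc -std=c99 -Wall -o checked_calloc checked_calloc.c */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if nmemb * size cannot be represented in a size_t. */
int calloc_would_overflow(size_t nmemb, size_t size)
{
    return nmemb != 0 && size > SIZE_MAX / nmemb;
}

/* Models the unchecked multiplication of a vulnerable allocator on a 32-bit
 * target (the affected QNX 6.5 releases are 32-bit): the product silently
 * wraps modulo 2^32, which is well-defined unsigned arithmetic in C. */
uint32_t unchecked_size32(uint32_t nmemb, uint32_t size)
{
    return nmemb * size;
}

/* Drop-in replacement for calloc() that refuses wrapped requests. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (calloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    size_t total = nmemb * size;
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

/* Hypothetical 16-byte protocol record; a count of these arrives in a
 * message header controlled by the remote peer. */
struct record { uint32_t id; uint8_t payload[12]; };

/* Assumed application-level cap on the record count. */
#define MAX_RECORDS 65536u

/* Allocates a table for `count` records taken from untrusted input: the
 * sanity cap runs first, then the arithmetic check inside checked_calloc(). */
struct record *alloc_record_table(uint32_t count)
{
    if (count > MAX_RECORDS) {
        errno = EINVAL;
        return NULL;
    }
    return checked_calloc(count, sizeof(struct record));
}

/* Helper for verification: 1 if a table of `count` records was allocated and
 * every byte is zero, 0 otherwise. */
int record_table_zeroed(uint32_t count)
{
    struct record *t = alloc_record_table(count);
    if (t == NULL)
        return 0;
    int zeroed = 1;
    for (size_t i = 0; i < (size_t)count * sizeof(struct record); i++)
        if (((unsigned char *)t)[i] != 0)
            zeroed = 0;
    free(t);
    return zeroed;
}

int main(void)
{
    /* On a 32-bit target 0x10000001 * 16 wraps to 16: a vulnerable calloc()
     * hands back a 16-byte buffer and the caller then writes 4 GiB into it. */
    printf("unchecked 32-bit size: %u bytes\n", unchecked_size32(0x10000001u, 16));

    struct record *t = alloc_record_table(0x10000001u);
    printf("alloc_record_table(0x10000001): %s\n", t ? "allocated" : strerror(errno));
    free(t);
    return 0;
}
```

The order of the two checks matters: the cap stops absurd counts before any arithmetic, and checked_calloc() catches every remaining case where a product would wrap, so the protection does not depend on the caller choosing the limit correctly.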

Address Space Layout Randomization

qnx

ASLR only raises the cost of turning the heap overflow into code execution; it does not remove the bug. The affected QNX releases predate QNX's ASLR support, so it is not available as a mitigation on them; on later QNX releases that support ASLR, enable it per the QNX documentation for that release.

The Linux command echo 2 > /proc/sys/kernel/randomize_va_space is a Linux sysctl and has no effect on QNX Neutrino.

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks and restrict which peers can reach services that parse external input
  • Validate and cap every count or length field taken from untrusted input before it reaches an allocator, and monitor for process crashes and abnormal memory growth

🔍 How to Verify

Check if Vulnerable:

Run uname -a on the target and compare the release against the affected versions. uname reports only the base OS release (for example 6.5.0), not the service pack or libc patch level, so a matching release tells you the system is in scope but not whether the libc fix has been applied.

Check Version:

uname -a

Verify Fix Applied:

Confirm that the installed libc is the patched build named in the vendor advisory (BlackBerry ships the fix as a runtime library patch, not as a new OS release visible to uname), and that statically linked applications were rebuilt against it. Then exercise calloc() with a request whose nmemb * size wraps around size_t and confirm it returns NULL instead of a small buffer.
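A runtime probe for the second part of that check, added here as an example (not a vendor-supplied tool). It asks the system calloc() for a product that wraps size_t down to 2 bytes; an allocator that checks for overflow must return NULL because the real request exceeds the address space, while a vulnerable allocator wraps and returns a live 2-byte buffer. Run it on the target, built against the libc your applications actually link (static or shared). The qcc build line is the assumed invocation of the QNX toolchain.

```c
/* calloc_probe.c: does this libc's calloc() reject wrapped requests?
 * Added example, not vendor code.  On the QNX target (assumed invocation):
 *   qcc -o calloc_probe calloc_probe.c && ./calloc_probe */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if calloc() refused the wrapped request (overflow check present),
 * 0 if it handed back a buffer (the unchecked product was used as the size). */
int calloc_rejects_overflow(void)
{
    /* nmemb * 2 == SIZE_MAX + 3, which wraps around size_t to 2. */
    size_t nmemb = SIZE_MAX / 2 + 2;
    void *p = calloc(nmemb, 2);
    if (p == NULL)
        return 1;
    free(p);
    return 0;
}

int main(void)
{
    if (calloc_rejects_overflow())
        puts("calloc() rejected a wrapped request: overflow check present");
    else
        puts("calloc() returned a buffer for a wrapped request: VULNERABLE libc");
    return 0;
}
```

A NULL here only proves that this one multiplication is checked; it says nothing about hand-rolled count * size arithmetic in the applications themselves, which still needs the wrapper and input caps described under workarounds.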

📡 Detection & Monitoring

Log Indicators:

  • Process crashes (SIGSEGV/SIGBUS, core files written by dumper) in services that parse network or file input
  • Abnormal memory allocation patterns, such as a service repeatedly requesting very large or suspiciously tiny buffers in response to external messages

Network Indicators:

  • Unexpected network connections from QNX systems
  • Traffic to/from QNX services with malformed data

SIEM Query:

source="qnx_systems" AND (event_type="crash" OR memory_allocation>threshold)
