Summary 

Multiple Rocky Linux updates applied to Brocade SANnav base OS (OVA deployment) 2.4.0a

RockyLinux 8: bind (RLSA-2024:5524)

• BIND's database will be slow if a very large number of RRs exist at the same name (CVE-2024-1737)
• SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)

RockyLinux 8: bind (RLSA-2025:1675)

• Many records in the additional section cause CPU exhaustion (CVE-2024-11187)

RockyLinux 8: libxml2 (RLSA-2025:2686)

• libxml2: Use-After-Free in libxml2 (CVE-2024-56171)
• libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 (CVE-2025-24928)

RockyLinux 8 : libxml2 (RLSA-2025:1517)

• libxml: use-after-free in xmlXIncludeAddNode (CVE-2022-49043)

RockyLinux 8: krb5 (RLSA-2025:2722)

• CVE-2025-24528 krb5: overflow when calculating ulog block size

Bug fix:

• kdb5_util: fix DB entry flags on modification

RockyLinux 8: krb5 (RLSA-2024:8860)

• freeradius: forgery attack (CVE-2024-3596)

RockyLinux 8 : linux-firmware (RLSA-2024:7481)

• kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity (CVE-2023-20584)
• kernel: hw: amd:Incomplete system memory cleanup in SEV firmware corrupt guest private memory (CVE-2023-31356)

Rocky Linux 8: expat (RLSA-2024:6989)

• libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490)
• libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
• libexpat: integer overflow (CVE-2024-45492)

RockyLinux 8 : expat (RLSA-2024:9502)

• libexpat: expat: DoS via XML_ResumeParser (CVE-2024-50602)

Rocky Linux 8: python3 (RLSA-2024:6975)

• python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
• cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)
• python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

RockyLinux 8 : gcc (RLSA-2025:1301)

• jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)

RockyLinux 8 : glibc (RLSA-2024:3269)

• glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)

RockyLinux 8: kernel (RLSA-2024:10943)

• kernel: selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695)
• kernel: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949)
• kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082)
• kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099)
• kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110)
• kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142)
• kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192)
• kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256)
• kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264)

RockyLinux 8: kernel (RLSA-2024:8856)

• kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
• kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
• kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
• kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
• kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
• kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
• kernel: nouveau: lock the client object tree. (CVE-2024-27062)
• kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
• kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
• kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
• kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
• kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
• kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
• kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
• kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)
• kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
• kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
• kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
• kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.(CVE-2024-40984)
• kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
• kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
• kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
• kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
• kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
• kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
• kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)
• kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
• kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
• kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
• kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
• kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
• kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
• kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
• kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
• kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
• kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
• kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
• kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
• kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
• kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
• kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
• kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

RockyLinux 8 : kernel (RLSA-2025:1068)

• kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)
•  kernel: arm64/sve: Discard stale CPU state when handling SVE traps (CVE-2024-50275)

RockyLinux 8 : kernel (RLSA-2025:1266)

• kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104)

RockyLinux 8 : kernel (RLSA-2025:0065)

• kernel: i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088)
•  kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)

Products Affected

• Brocade SANnav base OS (OVA deployment) before 2.4.0a

Products Confirmed Not Affected

• Brocade SANnav

Solution

• Security update provided in Brocade SANnav base OS (OVA deployment) 2.4.0a
• SANnav base OS Security update also provided in the sannav_ova_8x_os_05_2025 OVA patch. The OVA patch can be applied to 2.3.0, 2.3.0a, 2.3.1, 2.3.1a, 2.3.1b, 2.4.0 versions

Credit

The issue were found during security testing.

Revision History

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.