Support Content Notification - Support Portal

Scan discovered multiple CVEs against glibc

Product/Component

Brocade ASC-Gateway OVA

2 more products

Notification Id

36830

Last Updated

27 January 2026

Initial Publication Date

27 January 2026

Status

CLOSED

Severity

LOW

CVSS Base Score

Varies

WorkAround

Affected CVE

CVE-2021-27645, CVE-2020-6096, CVE-2020-10029

Brocade Security Advisory ID	BSA-2026-2401
Component	glibc

Summary

Binary scan of Brocade Fabric OS identified multiple potential CVEs against glibc

CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

CVE-2020-10029

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

CVE-2021-27645

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Products Affected

No Brocade Fibre channel products from Broadcom are affected

Products Not Affected

Brocade Fabric OS versions before 10.0.0
[VEX Justification: Vulnerable_code_not_in_execute_path]
Brocade ASCG
[VEX Justification: Vulnerable_code_not_in_execute_path]
Brocade SANnav
[VEX Justification: Vulnerable_code_not_in_execute_path]

Solution

While Brocade Fabric OS is not affected, a security update has been provided in Brocade Fabric OS 10.0.0
While Brocade ASCG is not affected, a security update has been provided in Brocade ASCG 3.0.0

Revision History

Version	Change	Date
1.0	Initial Publication	January 27, 2026

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.