Support Content Notification - Support Portal

UDisks Daemon Vulnerable to Local Privilege Escalation via Negative Index in Loop Device Handler

Product/Component

Brocade ASC-Gateway OVA

1 more products

Notification Id

37151

Last Updated

03 March 2026

Initial Publication Date

03 March 2026

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

8.5

WorkAround

Affected CVE

CVE-2025-8067

Brocade Security Advisory ID	BSA-2026-3130
Component	udisks

Summary

Udisks is vulnerable to out-of-bounds read due to improper validation of the index parameter in the loop device handler. This could allow an attacker to crash the UDisks daemon or perform local privilege escalation by accessing files owned by privileged users.

Products Affected

Brocade ASCG before 3.4.0

Products Not Affected

Brocade Fabric OS
[VEX Justification: Component_not_present]
Brocade SANnav
[VEX Justification: Component_not_present]

Solution

Solution provided in Brocade ASCG 3.4.0

Revision History

Version	Change	Date
1.0	Initial Publication	March 3, 2026

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.