CVE-2018-6485: An integer overflow in the implementation of the posix_memalign
21246
13 September 2022
13 September 2022
Closed
Low
Base Score: 9.8 - CRITICAL - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
CVE-2018-6485
Summary
Security Advisory ID : BSA-2022-623
Component : GNU C Library
Revision : 1.0
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
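The following added example (not code from glibc, Brocade, or this advisory) is a simplified model of the failure class described above: an aligned allocator pads the request with alignment slack and bookkeeping overhead, and that sum can wrap. The `CHUNK_OVERHEAD` value and all function names are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares posix_memalign */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-chunk bookkeeping overhead; a stand-in, not glibc's value. */
#define CHUNK_OVERHEAD ((size_t)32)

/* Unchecked worst-case request: payload + alignment slack + overhead.
   size_t arithmetic wraps, so a huge size produces a tiny total. */
size_t padded_request_unchecked(size_t alignment, size_t size)
{
    return size + alignment + CHUNK_OVERHEAD;
}

/* Checked form: refuse (ENOMEM) when the sum cannot be represented. */
int padded_request_checked(size_t alignment, size_t size, size_t *total)
{
    if (alignment > SIZE_MAX - CHUNK_OVERHEAD ||
        size > SIZE_MAX - CHUNK_OVERHEAD - alignment)
        return ENOMEM;
    *total = size + alignment + CHUNK_OVERHEAD;
    return 0;
}

/* Caller-side guard: validate the arguments before they reach libc. */
int checked_memalign(void **out, size_t alignment, size_t size)
{
    size_t total;
    if (alignment < sizeof(void *) || (alignment & (alignment - 1)) != 0)
        return EINVAL;               /* POSIX alignment requirement */
    if (padded_request_checked(alignment, size, &total) != 0)
        return ENOMEM;               /* would wrap: never call the allocator */
    return posix_memalign(out, alignment, size);
}

int main(void)
{
    void *p = NULL;
    size_t huge = SIZE_MAX - 64;     /* constructed sample input */
    printf("unchecked total: %zu\n", padded_request_unchecked(64, huge));
    printf("checked huge:    %d\n", checked_memalign(&p, 64, huge));
    printf("checked normal:  %d\n", checked_memalign(&p, 64, 1000));
    free(p);
    return 0;
}
```

The unchecked sum for the constructed input wraps to a value far smaller than the requested size, which is how an allocator can end up handing back a heap area that is too small; the checked form rejects the request before any memory is reserved.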
Notes:
Brocade PSIRT has confirmed that the glibc interface is only exposed to internal trusted modules and is not accessible for exploit. The only way to cause the “heap corruption” and exploit this vulnerability would be through crafted execution of external code that can only be introduced by a user with root privileges.
Affected Products
- All versions of Brocade Fabric OS before v9.1.0
Products under investigation
- Brocade Active Support Connectivity Gateway (ASC-G)
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.
Solution
Security update provided in Brocade Fabric OS v9.1.0 and later releases.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Sept 13, 2022 |