Support Content Notification - Support Portal

BSA-2022-1763

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21303

Last Updated

29 March 2022

Initial Publication Date

29 March 2022

Status

Closed

Severity

Medium

CVSS Base Score

N/A

WorkAround

N/A

Affected CVE

CVE-2020-5953, CVE-2021-41839, CVE-2021-41841, CVE-2021-41840, CVE-2020-27339, CVE-2021-42060, CVE-2021-42113, CVE-2021-43522, CVE-2022-24069, CVE-2021-43615, CVE-2021-41837, CVE-2021-41838, CVE-2021-33627, CVE-2021-45971, CVE-2021-33626, CVE-2021-45970, CVE-2021-45969, CVE-2022-24030, CVE-2021-42554, CVE-2021-33625, CVE-2022-24031, CVE-2021-43323, CVE-2021-42059

Summary

Security Advisory ID : BSA-2022-1763

Component : InsydeH2O firmware framework code

Revision : 1.0

Brocade has become aware of several (23) memory management vulnerabilities that were disclosed by Binarly. Insyde's H2O UEFI firmware contains several (23) high-impact vulnerabilities. These vulnerabilities impact not only a single vendor, but all the vendors who adopted the IBV code into their UEFI firmware software.

More information at:

Affected Products

No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by these vulnerabilities.

Revision History

Version	Change	Date
1.0	Initial Publication	March 28, 2022