Support Content Notification - Support Portal

BSA-2022-1747

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21305

Last Updated

09 March 2022

Initial Publication Date

09 March 2022

Status

Closed

Severity

High

CVSS Base Score

7.8

WorkAround

N/A

Affected CVE

CVE-2022-0847

Summary

Security Advisory ID : BSA-2022-1747

Component : Kernel

Revision : 1.0

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. More information at: https://dirtypipe.cm4all.com/

Brocade has investigated its product line to determine the exposure of Brocade Fibre Channel products from Broadcom.

Products Confirmed Not Vulnerable

No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Note: Brocade Manageability products from Broadcom are not vulnerable to "the Dirty Pipe" vulnerability. However, if a Brocade Manageability product is installed on a server running an affected OS, this is out of Brocade's control.
Brocade recommends Customers to apply recommendations provided by the Vendors.

Revision History

Version	Change	Date
1.0	Initial Publication	March 9, 2022