Brocade Fabric OS (10.x and 9.2.x Releases) Vulnerability Disclosures
Brocade Security Advisories posted on January 27, 2026
CVEs addressed in FOS 10.0.0a, 9.2.2b, 9.2.1c2
CVE-2026-0383
Privilege escalation via bind command in Brocade Fabric OS
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36851
CVEs addressed in FOS 10.0.0, 9.2.2c, 9.2.1c3
CVE-2025-9711
Privilege escalation in Brocade Fabric OS
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36852
CVEs addressed in FOS 10.0.0, 9.2.2b, 9.2.1c2, 8.2.3f
CVE-2019-9704, CVE-2019-9705
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36817
CVEs addressed in FOS 10.0.0, 9.2.2b, 9.2.1c2
CVE-2025-58382
Privilege escalation in Brocade Fabric OS
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36849
CVE-2025-58383
Undocumented command in Brocade Fabric OS
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36878
CVE-2025-58381
Directory transversal vulnerability in Brocade Fabric OS using various shell commands
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36853
CVE-2019-7283
A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36818
CVEs addressed in FOS 10.0.0, 9.2.2, 9.2.1
CVE-2025-58379
Password Exposure in Brocade Fabric OS
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36850
CVE-2025-58380
Directory transversal vulnerability in Brocade Fabric OS using grep command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36854
CVEs addressed in FOS 10.0.0, 9.2.2, 9.2.1, 9.2.0b1
CVE-2019-20388
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36819
CVEs addressed in FOS 10.0.0
CVE-2024-9143
Low-level invalid GF(2^m) parameters lead to OOB memory access
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36811
CVE-2024-26596, CVE-2024-26686, CVE-2024-26794, CVE-2024-27022, CVE-2024-27017, CVE-2024-27010, CVE-2024-35949, CVE-2024-36939, CVE-2024-36929, CVE-2024-36297, CVE-2024-36883, CVE-2024-36905, CVE-2024-36902, CVE-2024-36891, CVE-2024-36890, CVE-2024-36031, CVE-2024-36886, CVE-2024-36904, CVE-2024-10041
Multiple Linux Security Updates applied to Brocade Fabric OS 10.0
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36820
CVE-2025-4575
The x509 application adds trusted use instead of rejected use
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36821
CVE-2023-52426
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time
(PSIRT Risk: Low for FOS)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36822
CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36823
CVE-2021-33294
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36824
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36825
CVE-2023-39804
GNU tar mishandled extension attributes in a PAX archive
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36826
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36827
CVE-2023-29499
Glib GVariant deserialization fails to validate input
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36828
CVE-2023-4156
A heap out-of-bounds read flaw was found in builtin.c in the gawk package
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36829
CVE-2021-27645
Scan discovered multiple CVEs against glibc
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36830
CVE-2023-2953
Null pointer dereference found in openldap
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36831
CVE-2023-28320
A denial of service vulnerability exists in curl
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36832
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36833
CVE-2017-18017
use-after-free and memory corruption
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36834
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36835
CVE-2022-39377
The allocate_structures function insufficiently checks bounds before arithmetic multiplication
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36836
CVE-2021-4148
Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/36837
CVEs updated as also being addressed in FOS 8.2.3f
CVE-2024-26923
Linux Kernel Vulnerable to Dangling Pointer via Garbage Collector Racing Against Connect() in AF_UNIX Module
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35818
CVE-2022-44792
Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22343
CVE-2023-31928
XSS vulnerability in Brocade Webtools
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22390
CVE-2023-51385
OS command injection vulnerability in OpenSSH
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25238
=======================================
Brocade Security Advisories posted on July 8, 2025
CVE addressed in FOS 9.2.2a
CVE-2025-0395
GNU Glibc Vulnerable to Memory Corruption via Heap Buffer Overflow during 'assert()' Failure
(PSIRT Risk: Low for FOS)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35919
CVE-2022-48687
Linux Kernel IPv6 Segment Routing Vulnerable to Out-of-Bounds Read via Crafted Netlink Message in SRv6 Layer
(PSIRT Risk: Low -- FOS not exploitable)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35920
=======================================
Brocade Security Advisories posted on June 10, 2025
CVE addressed in FOS 9.2.2a
CVE-2025-4661
Path transversal vulnerability potentially leading to sensitive information disclosure
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35814
CVE-2025-4663
Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35815
CVE-2022-28893
Linux Kernel SUN RPC Subsystem Vulnerable to Memory Corruption via Use-After-Free (UAF) in 'inet_put_port' Function
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35816
CVE-2023-0394
Linux Kernel Vulnerable to Denial-of-Service (DoS) via NULL Pointer Dereference in 'rawv6_push_pending_frames()' Function in 'raw.c' File
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35817
CVE-2024-26923
Linux Kernel Vulnerable to Dangling Pointer via Garbage Collector Racing Against Connect() in AF_UNIX Module
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35818
=======================================
Brocade Security Advisories posted on April 17, 2025
CVE addressed in FOS 9.1.1d7, 9.2.0, 9.2.1, 9.2.2
CVE-2025-1976
Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
(PSIRT Risk: Critical)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25602
=======================================
Brocade Security Advisories posted on February 27, 2025
CVE addressed in FOS 9.2.2
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent
(PSIRT Risk: Low for Fabric OS)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25430
=======================================
Previously Disclosed Security Advisories
CVE addressed in FOS 9.2.0c3, 9.2.1b, 9.2.2
CVE-2023-51385
OpenSSH is vulnerable to an OS command injection issue due to how user name and host name values are processed and referenced by expansion tokens.
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25238
CVEs addressed in FOS 9.2.0c1, 9.2.1a1, and 9.2.2
CVE-2024-10403
SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25145
CVEs addressed in FOS 9.2.0c, 9.2.1a1, and 9.2.2
CVE-2024-7517
Privileged escalation via crafted use of portcfg command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25071
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24987
CVE-2023-7104
SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24996
CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24994
CVE-2022-1304
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24995
CVE-2024-4603
Checking excessively long DSA keys or parameters may be very slow
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24990
CVE-2023-6237
OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24991
CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24992
CVE-2024-1086
A use-after-free vulnerability exists in the Linux kernel's netfilter: nf_tables component
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24989
CVEs addressed in FOS 9.2.2
CVE-2024-7516
Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25177
CVEs addressed in FOS versions 9.1.1d2, 9.2.0b1, and 9.2.1
CVE-2023-29469, CVE-2023-28484, CVE-2022-40304, CVE-2022-40303, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2020-24977
Multiple Vulnerabilities within libxml2
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24612
CVE-2022-23990, CVE-2022-22825, CVE-2021-46143, CVE-2019-15903, CVE-2018-20843
Multiple Vulnerabilities within libexpat
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24611
CVEs addressed in FOS versions 9.1.1d, 9.2.0b and 9.2.1
CVE-2024-29954
password management API prints sensitive information in log files
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23226
CVE-2024-29953
Encoded session passwords on session storage for Virtual Fabric platforms
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23227
CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551
Multiple NTP vulnerabilities resolved
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23228
CVE-2023-3817
Excessive time spent checking DH q parameter value
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23230
CVE-2023-3446
Excessive time spent checking DH keys and parameters
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23231
CVE-2023-2650
Possible DoS translating ASN.1 object identifiers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23233
CVE-2023-0466, CVE-2023-0465
OpenSSL Security Advisory [28th March 2023]
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23234
CVE-2019-6109
Missing character encoding in progress display allows for spoofing of scp client output
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23229
CVEs addressed in FOS versions 9.2.0b and 9.2.1
CVE-2023-2975
AES-SIV implementation ignores empty associated data entries
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23232
CVE-2023-0464
Excessive Resource Usage Verifying X.509 Policy Constraints
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23235
CVEs addressed in FOS versions 9.2.0 and 9.2.1
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22400
CVE-2023-31928
XSS vulnerability in Brocade Webtools
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22390
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22393
CVE-2022-2097
AES OCB fails to encrypt some bytes
(PSIRT Risk: Medium) -- Only impacts Brocade G730 platform
https://support.broadcom.com/external/content/SecurityAdvisories/0/22394
CVE-2021-20193
This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22401
CVE-2018-14348
libcgroup up to and including 0.41 creates file with mode 0666 regardless of the configured umask, leading to disclosure of information
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22404
CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22399
CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22398
CVE-2011-4917
Information disclosure in Linux kernels through 3.1
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22395
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22355
CVE-2022-28614
The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22354
CVE-2022-2068
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22396
CVE-2022-0322
A flaw was found in the sctp_make_strreset_req function in net sctp sm_make_chunk.c
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22356
CVE-2021-4154
use-after-free flaw found in cgroup1_parse_param (possible denial of service)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22344
CVE-2020-15861
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22397
CVE-2018-25032
Zlib memory corruption when deflating (i.e. when compressing)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22342
CVEs addressed in FOS versions 9.1.1d, 9.2.0a and 9.2.1
CVE-2023-4163
Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22514
CVE-2023-4162
Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22513
CVEs addressed in FOS versions 9.1.1d1, 9.2.0 and 9.2.1
CVE-2023-3454
Remote code execution (RCE) vulnerability in Brocade Fabric OS
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23215
CVEs addressed in FOS versions 9.1.1d, 9.2.0 and 9.2.1
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22402
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22403
CVEs addressed in FOS versions 9.1.1c, 9.2.0 and 9.2.1
CVE-2023-31926
Arbitrary File Overwrite using less command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22388
CVE-2023-31432
Privilege issues in multiple commands (portcfgupload, configupload, license, myid)
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22385
CVE-2023-31427
Local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22379
CVE-2023-31426
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22377
CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22389
CVE-2023-31431
A buffer overflow vulnerability in “diagstatus” command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22384
CVE-2023-31430
buffer overflow vulnerability in “secpolicydelete” command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22381
CVE-2023-31429
Vulnerability in multiple CLI commands (chassisdistribute, reboot, rasman, errmoduleshow, errfilterset, chassiscfgperrthreshold, supportshowcfgdisable, supportshowcfgenable)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22408
CVE-2023-31428
CLI allows upload or transfer files of dangerous types
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22380
CVE-2022-44792
Potential Denial of Service exploit in Net-SNMP
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22343
CVE-2022-23219
GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22350
CVE-2021-45486
net ipv4 route.c has an information leak because the hash table is very small
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22352
CVE-2021-45485
net ipv6 output_core.c has an information leak because of certain use of a hash
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22351
CVE-2021-3800
Flaw in glib could leak content from files owned by privileged users to unprivileged ones
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22348
CVE-2021-0146
Hardware allows activation of test or debug logic
(PSIRT Risk: Medium) -- Only impacts Brocade G730 platform
https://support.broadcom.com/external/content/SecurityAdvisories/0/22353
CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22392
CVE-2020-36557
Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing opening of ttys could lead to a use-after-free
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22378
CVE-2020-14145
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22345
CVE-2018-7738
Potential privilege escalation by embedding shell commands in a mountpoint name
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22341
CVE-2022-24448
nfs_atomic_open() performs a regular lookup
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22349
CVEs addressed in FOS versions 9.1.1, 9.2.0 and 9.2.1
CVE-2023-31425
Privilege escalation via the fosexec command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407
CVE-2021-41617
A flaw in OpenSSH helper programs could lead to local privilege escalation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22340
CVE-2022-0778
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/21226
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | September 26, 2024 |
| 2.0 | BSA postings for FOS 9.2.0c, 9.2.0c1, 9.2.1a1 and 9.2.2 | November 12, 2024 |
| 2.1 | Updated with CVE-2023-51385 posting | January 7, 2025 |
| 2.2 | Updated with CVE-2024-38428 posting | February 27, 2025 |
| 2.3 | Updated with CVE-2025-1976 posting | April 17, 2025 |
| 2.4 | Updated with FOS 9.2.2a CVE updates | June 10, 2025 |
| 2.5 | Updated with CVE-2025-0395 and CVE-2022-48687 postings | July 8, 2025 |
| 3.0 | BSA postings for 10.0.0a, 10.0.0, 9.2.2c, 9.2.2b, 9.2.1c3, 9.2.1c2 | January 27, 2026 |
| 3.1 | Added CVE-2023-51385 security update in FOS 8.2.3f | January 28, 2026 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.