Brocade Fabric OS (9.x Release) Vulnerability Disclosures
Brocade Security Advisories posted on July 8, 2025
CVEs addressed in FOS 9.2.1c and 9.2.2a
CVE-2025-0395
GNU Glibc Vulnerable to Memory Corruption via Heap Buffer Overflow during 'assert()' Failure
(PSIRT Risk: Low for FOS)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35919
CVE-2022-48687
Linux Kernel IPv6 Segment Routing Vulnerable to Out-of-Bounds Read via Crafted Netlink Message in SRv6 Layer
(PSIRT Risk: Low -- FOS not exploitable)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35920
=======================================
Brocade Security Advisories posted on June 10, 2025
CVEs addressed in FOS 9.2.1c and 9.2.2a
CVE-2025-4661
Path transversal vulnerability potentially leading to sensitive information disclosure
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35814
CVE-2025-4663
Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35815
CVE-2022-28893
Linux Kernel SUN RPC Subsystem Vulnerable to Memory Corruption via Use-After-Free (UAF) in 'inet_put_port' Function
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35816
CVE-2023-0394
Linux Kernel Vulnerable to Denial-of-Service (DoS) via NULL Pointer Dereference in 'rawv6_push_pending_frames()' Function in 'raw.c' File
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35817
CVE-2024-26923
Linux Kernel Vulnerable to Dangling Pointer via Garbage Collector Racing Against Connect() in AF_UNIX Module
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/35818
==================================================
Brocade Security Advisories posted on April 17, 2025
CVE addressed in FOS 9.1.1d7, 9.2.0, 9.2.1, 9.2.2
CVE-2025-1976
Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
(PSIRT Risk: Critical)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25602
==================================================
Brocade Security Advisories posted on February 27, 2025
CVE addressed in FOS 9.2.2
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent
(PSIRT Risk: Low for Fabric OS)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25430
==================================================
Modified Brocade Security Advisories on February 13, 2025
CVEs addressed in FOS 9.2.0c3, 9.2.1b, and 9.2.2
CVE-2023-51385
OpenSSH is vulnerable to an OS command injection issue due to how user name and host name values are processed and referenced by expansion tokens.
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25238
=======================================
Brocade Security Advisories posted on January 7, 2025
CVEs addressed in FOS 9.2.1b, and 9.2.2
CVE-2023-51385
OpenSSH is vulnerable to an OS command injection issue due to how user name and host name values are processed and referenced by expansion tokens.
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25238
================================
Previously disclosed Brocade Security Advisories
CVEs addressed in FOS 9.2.0c1, 9.2.1a1, and 9.2.2
CVE-2024-10403
SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25145
CVEs addressed in FOS 9.2.0c, 9.2.1a1, and 9.2.2
CVE-2024-7517
Privileged escalation via crafted use of portcfg command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25071
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24987
CVE-2023-7104
SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24996
CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24994
CVE-2022-1304
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24995
CVE-2024-4603
Checking excessively long DSA keys or parameters may be very slow
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24990
CVE-2023-6237
OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24991
CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24992
CVE-2024-1086
A use-after-free vulnerability exists in the Linux kernel's netfilter: nf_tables component
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24989
CVEs addressed in FOS 9.2.2
CVE-2024-7516
Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25177
CVEs addressed in FOS versions 9.1.1d2, 9.2.0b1, and 9.2.1
CVE-2023-29469, CVE-2023-28484, CVE-2022-40304, CVE-2022-40303, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2020-24977
Multiple Vulnerabilities within libxml2
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24612
CVE-2022-23990, CVE-2022-22825, CVE-2021-46143, CVE-2019-15903, CVE-2018-20843
Multiple Vulnerabilities within libexpat
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24611
CVEs addressed in FOS versions 9.1.1d, 9.2.0b and 9.2.1
CVE-2024-29954
password management API prints sensitive information in log files
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23226
CVE-2024-29953
Encoded session passwords on session storage for Virtual Fabric platforms
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23227
CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551
Multiple NTP vulnerabilities resolved
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23228
CVE-2023-3817
Excessive time spent checking DH q parameter value
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23230
CVE-2023-3446
Excessive time spent checking DH keys and parameters
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23231
CVE-2023-2650
Possible DoS translating ASN.1 object identifiers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23233
CVE-2023-0466, CVE-2023-0465
OpenSSL Security Advisory [28th March 2023]
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23234
CVE-2019-6109
Missing character encoding in progress display allows for spoofing of scp client output
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23229
CVEs addressed in FOS versions 9.2.0b and 9.2.1
CVE-2023-2975
AES-SIV implementation ignores empty associated data entries
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23232
CVE-2023-0464
Excessive Resource Usage Verifying X.509 Policy Constraints
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23235
CVEs addressed in FOS versions 9.2.0 and 9.2.1
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22400
CVE-2023-31928
XSS vulnerability in Brocade Webtools
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22390
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22393
CVE-2022-2097
AES OCB fails to encrypt some bytes
(PSIRT Risk: Medium) -- Only impacts Brocade G730 platform
https://support.broadcom.com/external/content/SecurityAdvisories/0/22394
CVE-2021-20193
This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22401
CVE-2018-14348
libcgroup up to and including 0.41 creates file with mode 0666 regardless of the configured umask, leading to disclosure of information
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22404
CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22399
CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22398
CVE-2011-4917
Information disclosure in Linux kernels through 3.1
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22395
CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22355
CVE-2022-28614
The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22354
CVE-2022-2068
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22396
CVE-2022-0322
A flaw was found in the sctp_make_strreset_req function in net sctp sm_make_chunk.c
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22356
CVE-2021-4154
use-after-free flaw found in cgroup1_parse_param (possible denial of service)
(PSIRT Risk:Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22344
CVE-2020-15861
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22397
CVE-2018-25032
Zlib memory corruption when deflating (i.e. when compressing)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22342
CVEs addressed in FOS versions 9.1.1d, 9.2.0a and 9.2.1
CVE-2023-4163
Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22514
CVE-2023-4162
Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22513
CVEs addressed in FOS versions 9.1.1d1, 9.2.0 and 9.2.1
CVE-2023-3454
Remote code execution (RCE) vulnerability in Brocade Fabric OS
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23215
CVEs addressed in FOS versions 9.1.1d, 9.2.0 and 9.2.1
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22402
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22403
CVEs addressed in FOS versions 9.1.1c, 9.2.0 and 9.2.1
CVE-2023-31926
Arbitrary File Overwrite using less command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22388
CVE-2023-31432
Privilege issues in multiple commands (portcfgupload, configupload, license, myid)
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22385
CVE-2023-31427
Local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22379
CVE-2023-31426
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22377
CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22389
CVE-2023-31431
A buffer overflow vulnerability in “diagstatus” command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22384
CVE-2023-31430
buffer overflow vulnerability in “secpolicydelete” command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22381
CVE-2023-31429
Vulnerability in multiple CLI commands (chassisdistribute, reboot, rasman, errmoduleshow, errfilterset, chassiscfgperrthreshold, supportshowcfgdisable, supportshowcfgenable)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22408
CVE-2023-31428
CLI allows upload or transfer files of dangerous types
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22380
CVE-2022-44792
Potential Denial of Service exploit in Net-SNMP
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22343
CVE-2022-23219
GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22350
CVE-2021-45486
net ipv4 route.c has an information leak because the hash table is very small
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22352
CVE-2021-45485
net ipv6 output_core.c has an information leak because of certain use of a hash
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22351
CVE-2021-3800
Flaw in glib could leak content from files owned by privileged users to unprivileged ones
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22348
CVE-2021-0146
Hardware allows activation of test or debug logic
(PSIRT Risk: Medium) -- Only impacts Brocade G730 platform
https://support.broadcom.com/external/content/SecurityAdvisories/0/22353
CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22392
CVE-2020-36557
Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing opening of ttys could lead to a use-after-free
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22378
CVE-2020-14145
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22345
CVE-2018-7738
Potential privilege escalation by embedding shell commands in a mountpoint name
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22341
CVE-2022-24448
nfs_atomic_open() performs a regular lookup
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22349
CVEs addressed in FOS versions 9.1.1, 9.2.0 and 9.2.1
CVE-2023-31425
Privilege escalation via the fosexec command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407
CVE-2021-41617
A flaw in OpenSSH helper programs could lead to local privilege escalation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22340
CVE-2022-0778
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/21226
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
September 26, 2024 |
|
2.0 |
BSA postings for FOS 9.2.0c, 9.2.0c1, 9.2.1a1 and 9.2.2 |
November 12, 2024 |
|
2.1 |
Updated with CVE-2023-51385 posting |
January 7, 2025 |
|
2.2 |
Updaed with CVE-2024-38428 posting |
February 27, 2025 |
|
2.3 |
Upated with CVE-2025-1976 posting |
April 17, 2025 |
|
2.4 |
Updated with FOS 9.2.2a CVE updates |
June 10, 2025 |
|
2.5 |
Updated with CVE-2025-0395 and CVE-2022-48687 postings |
July 8, 2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.