CVE-2018-6485: An integer overflow in the implementation of the posix_memalign

Brocade Fabric OS


21246

13 September 2022

13 September 2022

Closed

Low

Base Score: 9.8 - CRITICAL - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

N/A

CVE-2018-6485

Summary

Security Advisory ID : BSA-2022-623

Component : GNU C Library

Revision : 1.0

An integer overflow in the implementation of posix_memalign and the related memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small for the request, potentially leading to heap corruption.
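The description above says the overflow leaves the allocator returning a block that is smaller than the caller asked for. A caller-side mitigation that fits that description is to refuse size/alignment combinations whose padded size could wrap before they ever reach the allocator, and to verify the returned pointer's alignment before using it. The wrapper below is an added example written for this advisory; it is not Brocade's or glibc's code. The function names `checked_posix_memalign` and `probe`, and the `ASSUMED_ALLOC_OVERHEAD` padding constant, are assumptions made here for illustration (the real per-chunk overhead of glibc is not stated on this page).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocator overhead assumed for the wrap-around check; the
 * real glibc chunk overhead is not given on the page. */
#define ASSUMED_ALLOC_OVERHEAD (4 * sizeof(size_t))

static int is_power_of_two(size_t x) {
    return x != 0 && (x & (x - 1)) == 0;
}

/* Defensive wrapper around posix_memalign.
 * Returns 0 on success, EINVAL for an invalid alignment, ENOMEM when the
 * padded request cannot be represented or the allocation fails. */
int checked_posix_memalign(void **memptr, size_t alignment, size_t size) {
    if (memptr == NULL) return EINVAL;
    *memptr = NULL;

    /* POSIX requires a power-of-two alignment that is a multiple of sizeof(void *). */
    if (!is_power_of_two(alignment) || alignment % sizeof(void *) != 0) return EINVAL;

    /* Refuse requests whose padded size (size + alignment + overhead) would
     * wrap around SIZE_MAX: this is the class of input that an overflowing
     * allocator turns into an undersized block. alignment is at most the
     * largest power of two in size_t, so SIZE_MAX - alignment cannot underflow. */
    if (size > SIZE_MAX - alignment - ASSUMED_ALLOC_OVERHEAD) return ENOMEM;

    /* Stay below PTRDIFF_MAX as well, so pointer arithmetic on the block is defined. */
    if (size + alignment + ASSUMED_ALLOC_OVERHEAD > (size_t)PTRDIFF_MAX) return ENOMEM;

    void *p = NULL;
    int rc = posix_memalign(&p, alignment, size);
    if (rc != 0) return rc;

    /* Do not trust the block until the allocator has demonstrably honoured
     * the requested alignment. */
    if (((uintptr_t)p % alignment) != 0) {
        free(p);
        return ENOMEM;
    }
    *memptr = p;
    return 0;
}

/* Convenience probe: perform one request, release the block, return the code. */
int probe(size_t alignment, size_t size) {
    void *p = NULL;
    int rc = checked_posix_memalign(&p, alignment, size);
    free(p); /* free(NULL) is a no-op */
    return rc;
}

int main(void) {
    printf("non-power-of-two alignment -> %d (EINVAL=%d)\n", probe(3, 16), EINVAL);
    printf("padded size would wrap     -> %d (ENOMEM=%d)\n", probe(16, SIZE_MAX - 8), ENOMEM);
    printf("ordinary request           -> %d (0 = ok)\n", probe(64, 1000));
    return 0;
}
```

The wrapper does not patch the allocator; only the glibc update does that. It narrows the inputs an unpatched allocator can be handed, which is the kind of caller-side control a platform vendor can apply while the underlying library is being upgraded.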

Notes:

Brocade PSIRT has confirmed that the glibc interface is only exposed to internal trusted modules and is not accessible for exploitation. The only way to cause the “heap corruption” and exploit this vulnerability would be through crafted execution of external code, which can only be introduced by a user with root privileges.

Affected Products

  • All versions of Brocade Fabric OS before v9.1.0

Products under investigation

  • Brocade Active Support Connectivity Gateway (ASC-G)

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

Security update provided in Brocade Fabric OS v9.1.0 and later releases.

Revision History

Version   Change                Date
1.0       Initial Publication   Sept 13, 2022