CVE-2024-57255Integer Overflow or Wraparound in U-boot

CWE-190Integer Overflow or Wraparound7 documents6 sources
Severity
6.8MEDIUMNVD
OSV8.1
EPSS
0.1%
top 80.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Denx U-bootDebian U-bootMsrc Azl3 Qemu 8.2.0-16 ON Azure Linux 3.0+1 more
Timeline
PublishedFeb 18
Latest updateFeb 23

Description

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages7 packages

CVEListV5denx/u-boot< 2025.01-rc1
debiandebian/u-boot< u-boot 2023.01+dfsg-2+deb12u2 (bookworm)
Debiandenx/u-boot< 2021.01+dfsg-5+deb11u1+3
Ubuntudenx/u-boot< 2022.01+dfsg-2ubuntu2.7+1
NVDdenx/u-boot2024.10

Patches

Patch: source.denx.de

🔴Vulnerability Details

3
OSV
u-boot vulnerabilities2026-02-23
GHSA
GHSA-5cmq-wrwp-9x26: An integer overflow in sqfs_resolve_symlink in Das U-Boot before 20252025-02-19
OSV
CVE-2024-57255: An integer overflow in sqfs_resolve_symlink in Das U-Boot before 20252025-02-18

📋Vendor Advisories

3
Ubuntu
U-Boot vulnerabilities2026-02-23
Microsoft
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memo2025-02-11
Debian
CVE-2024-57255: u-boot - An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occ...2024
CVE-2024-57255 — Integer Overflow or Wraparound | cvebase