CVE-2024-57257: Uncontrolled Recursion in U-boot

Severity
NVD: 2.4 LOW
OSV: 8.1
EPSS: 0.0% (top 93.35%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 18
Latest update: Feb 23

Description

A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 0.9 | Impact: 1.4

Affected Packages (7 packages)

CVEListV5: denx/u-boot < 2025.01-rc1
debian: debian/u-boot < u-boot 2023.01+dfsg-2+deb12u2 (bookworm)
Debian: denx/u-boot < 2021.01+dfsg-5+deb11u1+3
Ubuntu: denx/u-boot < 2022.01+dfsg-2ubuntu2.7+1
NVD: denx/u-boot 2024.10

Patches

🔴 Vulnerability Details (3)

OSV: u-boot vulnerabilities (2026-02-23)
GHSA: GHSA-8h8c-f86r-pf3c: A stack consumption issue in sqfs_size in Das U-Boot before 2025 (2025-02-19)
OSV: CVE-2024-57257: A stack consumption issue in sqfs_size in Das U-Boot before 2025 (2025-02-18)

📋 Vendor Advisories (3)

Ubuntu: U-Boot vulnerabilities (2026-02-23)
Microsoft: A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. (2025-02-11)
Debian: CVE-2024-57257: u-boot - A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs v... (2024)