CVE-2024-57258 — Integer Overflow or Wraparound in U-boot

CWE-190 — Integer Overflow or Wraparound9 documents6 sources

Severity

7.8HIGHNVD

NVD7.1OSV8.1

EPSS

0.1%

top 83.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pengutronix Barebox Denx U-boot Debian U-boot +2 more

Timeline

PublishedFeb 18

Latest updateFeb 23

Description

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/u-boot< u-boot 2023.01+dfsg-2+deb12u2 (bookworm)

▶Debiandenx/u-boot< 2021.01+dfsg-5+deb11u1+3

▶Ubuntudenx/u-boot< 2022.01+dfsg-2ubuntu2.7+1

▶NVDdenx/u-boot2024.10

▶CVEListV5pengutronix/barebox< 2025.01.0

Patches

Patch: source.denx.de ↗Patch: source.denx.de ↗Patch: source.denx.de ↗

🔴Vulnerability Details

OSV

u-boot vulnerabilities↗2026-02-23

▶

GHSA

GHSA-r76w-fc3x-9r5g: In barebox before 2025↗2025-02-19

▶

GHSA

GHSA-grrx-h759-85hh: Integer overflows in memory allocation in Das U-Boot before 2025↗2025-02-19

▶

OSV

CVE-2024-57258: Integer overflows in memory allocation in Das U-Boot before 2025↗2025-02-18

▶

📋Vendor Advisories

Ubuntu

U-Boot vulnerabilities↗2026-02-23

▶

Microsoft

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.↗2025-02-11

▶

Debian

CVE-2024-57258: u-boot - Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur fo...↗2024

▶