PT-2025-6744 · Unknown+4 · Das U-Boot+4

David Gstir

Publicado

2025-02-17

Atualizado

2026-02-23

CVE-2024-57258

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DAS U-Boot versions prior to 2025.01-RC1

Description Integer overflows in memory allocation occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff t is mishandled on x86 64. This issue affects the memory allocation in DAS U-Boot.

Recommendations For versions prior to 2025.01-RC1, update to version 2025.01-RC1 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted squashfs filesystems to minimize the risk of exploitation. Avoid using the sbrk and request2size functions with untrusted input until the issue is resolved.

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

BDU:2025-02558

CVE-2024-57258

DLA-4150-1

OESA-2025-1210

OESA-2025-1211

OESA-2025-1212

OESA-2025-1213

OESA-2025-1214

OPENSUSE-SU-2025_0755-1

OPENSUSE-SU-2025_0763-1

OPENSUSE-SU-2025_0817-1

OPENSUSE-SU-2025_0989-1

SUSE-SU-2025:0755-1

SUSE-SU-2025:0763-1

SUSE-SU-2025:0817-1

SUSE-SU-2025:0989-1

SUSE-SU-2025:20219-1

USN-8056-1

Produtos afetados

Das U-Boot

Debian

Linuxmint

Suse

Ubuntu

PT-2025-6744 · Unknown+4 · Das U-Boot+4

CVE-2024-57258

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58