PT-2025-6740 · Unknown+3 · Das U-Boot+3

Richard Weinberger · Published 2025-02-17 · Updated 2026-02-23 · CVE-2024-57254

CVSS v3.1: 7.1 (High)
Vector: AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Das U-Boot versions prior to 2025.01-rc1

Description

An integer overflow in the sqfs inode size function occurs during the calculation of the symlink size and can be triggered by a crafted squashfs filesystem.

Recommendations

For versions prior to 2025.01-rc1, update to version 2025.01-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the use of untrusted (potentially crafted) squashfs filesystems to minimize the risk of exploitation.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-02559
CVE-2024-57254
DLA-4150-1
OESA-2025-1210
OESA-2025-1211
OESA-2025-1212
OESA-2025-1213
USN-8056-1

Affected Products

Das U-Boot
Debian
Linuxmint
Ubuntu