CVE-2024-57255

CVSS v3.1

7.1

High

Vector

AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DAS U-Boot versions prior to 2025.01-RC1

Description An integer overflow occurs in the sqfs resolve symlink function in DAS U-Boot through a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and a resultant memory overwrite. This issue can be triggered via a manipulated squashfs filesystem.

Recommendations For versions prior to 2025.01-RC1, update to version 2025.01-RC1 or later to resolve the issue. As a temporary workaround, consider restricting access to the sqfs resolve symlink function to minimize the risk of exploitation. Avoid using crafted squashfs filesystems with an inode size of 0xffffffff until the issue is resolved.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2025-02557

CVE-2024-57255

DLA-4150-1

OESA-2025-1210

OESA-2025-1211

OESA-2025-1212

OESA-2025-1213

USN-8056-1

Affected Products

Das U-Boot

Debian

Linuxmint

Ubuntu

CVE-2024-57255

Weakness Enumeration

Related Identifiers

Affected Products

References · 36