PT-2025-6742 · Unknown +4 · Das U-Boot +4

David Gstir +1 · Published 2025-02-17 · Updated 2026-02-23 · CVE-2024-57256

CVSS v3.1: 7.1 (High)
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Das U-Boot versions prior to 2025.01-rc1
Description: An integer overflow in the ext4fs_read_symlink function of Das U-Boot's ext4 driver. The function computes the allocation length for the symlink target by adding one to the inode's 32-bit little-endian size field as read from disk. A crafted ext4 filesystem that declares a symlink of size 0xffffffff makes that addition wrap to 0, so zalloc returns a zero-length buffer; the driver then copies the attacker-controlled symlink contents into it, overwriting adjacent heap memory. The overflow is in the length arithmetic that feeds zalloc, not in zalloc itself. Because the filesystem has to be presented to U-Boot at boot (attack vector: physical), the realistic exposure is a device that boots from, or lets U-Boot read, storage an attacker can write to, such as removable media or an unprotected boot partition; where U-Boot is the root of trust for verified boot, corrupting its heap before the kernel is checked is the concern.
Recommendations: Update to Das U-Boot 2025.01-rc1 or later, or apply the backported fix shipped by your distribution (see Related Identifiers). Until the update is applied, do not let U-Boot read ext4 filesystems it does not trust: disable boot from removable or attacker-writable media, and if ext4 support is not needed at all, build U-Boot without it (CONFIG_FS_EXT4). No configuration change fixes the faulty arithmetic itself; only the updated driver code does.
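The arithmetic behind the bug, and one way to harden it, as an added C example that is not U-Boot's code: the inode struct, the 4096-byte symlink limit (SYMLINK_MAX), the helper names, and the sample inodes are all constructed here for illustration. The vulnerable function shows only the length computation; the hardened reader validates the untrusted size against a bound before the +1 and widens it to size_t so it cannot wrap.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the on-disk inode fields a symlink reader
 * consults: the 32-bit little-endian size and the inline target area that
 * ext4 uses for short ("fast") symlinks.  Not U-Boot's struct ext2_inode. */
#define FAST_SYMLINK_MAX 60
struct fake_inode {
    uint32_t size;                       /* file size as stored on disk (LE32 field) */
    char     fast_target[FAST_SYMLINK_MAX];
};

/* Length the vulnerable pattern hands to zalloc(): size + 1, computed in
 * 32 bits straight from the untrusted on-disk value.  For 0xffffffff the
 * result wraps to 0, so the allocation succeeds with zero usable bytes. */
uint32_t vuln_alloc_len(uint32_t disk_size)
{
    return disk_size + 1;
}

/* Hardened replacement: bound-check first, then widen to size_t so the +1
 * cannot wrap.  SYMLINK_MAX is an assumed policy limit (4096, the usual
 * PATH_MAX), not a value taken from U-Boot. */
#define SYMLINK_MAX 4096u
bool checked_alloc_len(uint32_t disk_size, size_t *out)
{
    if (disk_size == 0 || disk_size > SYMLINK_MAX)
        return false;
    *out = (size_t)disk_size + 1;        /* room for the NUL terminator */
    return true;
}

/* Hardened reader.  `blocks`/`blocks_len` stand in for the data blocks the
 * real driver would fetch for a slow symlink; a short read is treated as
 * corruption and rejected. */
char *read_symlink_hardened(const struct fake_inode *ino,
                            const uint8_t *blocks, size_t blocks_len)
{
    size_t len;
    if (!checked_alloc_len(ino->size, &len))
        return NULL;                     /* reject before any allocation */

    char *target = calloc(1, len);
    if (!target)
        return NULL;

    if (ino->size < FAST_SYMLINK_MAX) {
        memcpy(target, ino->fast_target, ino->size);
    } else {
        if (blocks == NULL || ino->size > blocks_len) {
            free(target);
            return NULL;
        }
        memcpy(target, blocks, ino->size);
    }
    target[ino->size] = '\0';            /* index == size, inside the size+1 buffer */
    return target;
}

/* Constructed scenarios so the behaviour can be checked without an image. */
bool demo_benign_fast_symlink_ok(void)
{
    struct fake_inode good = { .size = 12 };
    memcpy(good.fast_target, "boot/vmlinuz", 12);
    char *t = read_symlink_hardened(&good, NULL, 0);
    bool ok = t != NULL && strcmp(t, "boot/vmlinuz") == 0;
    free(t);
    return ok;
}

bool demo_slow_symlink_ok(void)
{
    uint8_t blocks[70];
    memset(blocks, 'a', sizeof blocks);  /* 70-byte target lives in data blocks */
    struct fake_inode slow = { .size = sizeof blocks };
    char *t = read_symlink_hardened(&slow, blocks, sizeof blocks);
    bool ok = t != NULL && strlen(t) == sizeof blocks;
    free(t);
    return ok;
}

bool demo_crafted_size_rejected(void)
{
    struct fake_inode evil = { .size = 0xffffffffu };   /* the CVE's crafted size */
    return read_symlink_hardened(&evil, NULL, 0) == NULL;
}

int main(void)
{
    printf("vulnerable zalloc length for 0xffffffff: %" PRIu32 "\n",
           vuln_alloc_len(0xffffffffu));
    printf("benign fast symlink: %s\n", demo_benign_fast_symlink_ok() ? "ok" : "FAIL");
    printf("slow symlink: %s\n", demo_slow_symlink_ok() ? "ok" : "FAIL");
    printf("crafted size 0xffffffff: %s\n",
           demo_crafted_size_rejected() ? "rejected" : "ACCEPTED (bug)");
    return 0;
}
```

The check runs before the allocation and before the +1, which is the ordering that matters: validating `len` after `zalloc(len + 1)` returns would still let the wrapped value through. Any bound works as long as it is smaller than UINT32_MAX; a realistic path limit also caps the allocation an attacker can force from a crafted image.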

Fix

Weakness Enumeration

Integer Overflow (CWE-190)

Related Identifiers

BDU:2025-02560
CVE-2024-57256
DLA-4150-1
OESA-2025-1210
OESA-2025-1211
OESA-2025-1212
OESA-2025-1213
OESA-2025-1214
OPENSUSE-SU-2025_0755-1
OPENSUSE-SU-2025_0763-1
OPENSUSE-SU-2025_0817-1
OPENSUSE-SU-2025_0989-1
SUSE-SU-2025:0755-1
SUSE-SU-2025:0763-1
SUSE-SU-2025:0817-1
SUSE-SU-2025:0989-1
SUSE-SU-2025:20219-1
SUSE-SU-2025_0989-1
USN-8056-1

Affected Products

Das U-Boot
Debian
Linuxmint
Suse
Ubuntu