CVE-2024-57258

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DAS U-Boot versions prior to 2025.01-RC1

Description Integer overflows in memory allocation occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff t is mishandled on x86 64. This issue affects the memory allocation in DAS U-Boot.

Recommendations For versions prior to 2025.01-RC1, update to version 2025.01-RC1 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted squashfs filesystems to minimize the risk of exploitation. Avoid using the sbrk and request2size functions with untrusted input until the issue is resolved.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2025-02558

CVE-2024-57258

DLA-4150-1

OESA-2025-1210

OESA-2025-1211

OESA-2025-1212

OESA-2025-1213

OESA-2025-1214

OPENSUSE-SU-2025_0755-1

OPENSUSE-SU-2025_0763-1

OPENSUSE-SU-2025_0817-1

OPENSUSE-SU-2025_0989-1

SUSE-SU-2025:0755-1

SUSE-SU-2025:0763-1

SUSE-SU-2025:0817-1

SUSE-SU-2025:0989-1

SUSE-SU-2025:20219-1

USN-8056-1

Affected Products

Das U-Boot

Debian

Linuxmint

Suse

Ubuntu

CVE-2024-57258

Weakness Enumeration

Related Identifiers

Affected Products

References · 58