IronMonkey Threat Research

CVE-2024-57258 HIGH

Published: 2025-02-18 | Last Modified: 2026-05-12 | Status: Modified

Description

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

Additional Descriptions (1)

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Secondary en CWE-190

Affected Products

Vendor Product Version Update Type
denx u-boot * * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*