CVE-2024-57255
Published: 18 February 2025
Description
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
Security Summary
CVE-2024-57255 is an integer overflow vulnerability (CWE-190) in the sqfs_resolve_symlink function of Das U-Boot versions prior to 2025.01-rc1. The issue arises when processing a crafted SquashFS filesystem with an inode size of 0xffffffff, which triggers an integer overflow, resulting in a malloc allocation of zero bytes and a subsequent memory overwrite.
Exploitation requires physical access to the device (AV:P) and has high attack complexity (AC:H); no privileges (PR:N) or user interaction (UI:N) are required. A successful attack can have high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) with a changed scope (S:C), yielding a CVSS v3.1 base score of 7.1.
The vulnerability was patched in a commit to the U-Boot repository (https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356). It was publicly disclosed on the oss-security mailing list (https://www.openwall.com/lists/oss-security/2025/02/17/2) and addressed in Debian LTS announcements (https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html), recommending upgrades to U-Boot 2025.01-rc1 or later.
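The overflow class described above, as an added example: this is not U-Boot's code or the upstream patch. It assumes the allocation size is a 32-bit length from the image plus one byte for a terminator; the record layout, the function names and the sample data are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical on-disk record: a 32-bit length taken from an untrusted image. */
struct symlink_rec { uint32_t target_len; };

/* Constructed sample input: a sane record, a crafted one, and 7 data bytes. */
static const struct symlink_rec good_rec = { 4 };
static const struct symlink_rec bad_rec = { 0xffffffffu };
static const char sample_data[] = "/bin/sh";
#define SAMPLE_AVAIL (sizeof(sample_data) - 1)

/* Unchecked: room for a NUL terminator, computed modulo 2^32. */
static uint32_t unchecked_alloc_size(const struct symlink_rec *r)
{
    return (uint32_t)(r->target_len + 1u);   /* 0xffffffff + 1 wraps to 0 */
}

/* Checked: allocation size, or 0 if malformed; avail = data bytes present. */
static size_t checked_alloc_size(const struct symlink_rec *r, size_t avail)
{
    if (r->target_len > UINT32_MAX - 1u)   /* + 1 would wrap */
        return 0;
    if (r->target_len > avail)             /* longer than the backing data */
        return 0;
    return (size_t)r->target_len + 1u;
}

/* Copy the target into a fresh NUL-terminated buffer; NULL on bad input. */
static char *read_target(const struct symlink_rec *r, const char *data, size_t avail)
{
    size_t n = checked_alloc_size(r, avail);
    char *buf = n ? malloc(n) : NULL;
    if (!buf)
        return NULL;
    memcpy(buf, data, r->target_len);
    buf[r->target_len] = '\0';
    return buf;
}

int main(void)
{
    char *t = read_target(&good_rec, sample_data, SAMPLE_AVAIL);
    printf("unchecked size for crafted record: %u\n", (unsigned)unchecked_alloc_size(&bad_rec));
    printf("good target: %s\n", t ? t : "(rejected)");
    free(t);
    return 0;
}
```

The second check matters as much as the first: a length that does not wrap but exceeds the data actually present would still drive an out-of-bounds copy.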
Details
- CWE(s)