CVE-2024-57259

High

Published: 18 February 2025

Published

18 February 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0007 20.4th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

Security Summary

CVE-2024-57259 affects Das U-Boot versions before 2025.01-rc1, specifically in the sqfs_search_dir function used for squashfs directory listing. The vulnerability stems from an off-by-one error (CWE-193) where the path separator is not considered in a size calculation, resulting in heap memory corruption. Published on 2025-02-18, it carries a CVSS v3.1 base score of 7.1 (AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Exploitation requires physical proximity to the target device and a high-complexity attack, but no privileges or user interaction. A successful attack can achieve high impacts across confidentiality, integrity, and availability, with a changed scope due to the memory corruption.

Mitigation is available via a patch commit in the U-Boot repository (048d795bb5b3d9c5701b4855f5e74bcf6849bf5e), which users should apply by updating to 2025.01-rc1 or later. Additional details appear in announcements on the oss-security mailing list and Debian LTS, emphasizing the need for upgrades in affected embedded systems.

Details

CWE(s): CWE-193

Affected Products

denx

u-boot

≤ 2024.10

References

https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e
Patch · cve@mitre.org
https://www.openwall.com/lists/oss-security/2025/02/17/2
Mailing List, Mitigation, Third Party Advisory · cve@mitre.org
https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108