CVE-2024-57262
Published: 19 February 2025
Description
In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.
Security Summary
CVE-2024-57262 is an integer overflow vulnerability in the ext4fs_read_symlink function of barebox, affecting versions prior to 2025.01.0. The issue occurs when processing a crafted ext4 filesystem whose inode size field, an le32 variable, holds 0xffffffff. Adding one to this value wraps the 32-bit result to zero in the zalloc call, so the allocator returns a zero-byte buffer and the subsequent write into it overruns heap memory. This flaw is classified under CWE-190 (Integer Overflow or Wraparound) and carries a CVSS v3.1 base score of 7.1.
Exploitation requires physical access to the target system (AV:P) and involves high attack complexity (AC:H), with no privileges (PR:N) or user interaction (UI:N) needed. Successful exploitation changes scope (S:C) and can lead to high confidentiality, integrity, and availability impacts (C:H/I:H/A:H), primarily through the memory overwrite enabled by the zero-sized allocation.
Mitigation is addressed in barebox version 2025.01.0 via a patch documented in the project's Git repository, commit a2b76550f7d87ba6f88a9ea50e71f107b514ff4e (abbreviated a2b76550f7d8), which fixes the integer overflow in ext4fs_read_symlink. Security practitioners should update to barebox 2025.01.0 or later and validate ext4 filesystems from untrusted sources.
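The wraparound described above, shown beside a hardened size computation. This is an added illustration, not barebox's ext4fs_read_symlink or its fix; the function names, the MAX_SYMLINK_TARGET_LEN cap and the sample inode values are assumptions constructed for the example, and calloc stands in for a zeroing allocator like zalloc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed cap on a symlink target (a real driver would derive it from the
 * filesystem block size). Not a barebox constant. */
#define MAX_SYMLINK_TARGET_LEN 4096u

/* Vulnerable pattern: the +1 for the NUL terminator is done in 32-bit
 * arithmetic, so an inode size of 0xffffffff wraps to 0 and the zeroing
 * allocator is asked for zero bytes, which the caller then overfills. */
uint32_t unchecked_symlink_alloc_len(uint32_t inode_size)
{
    return inode_size + 1;              /* 0xffffffff + 1 == 0 */
}

/* Hardened version: reject sizes no valid filesystem produces before any
 * arithmetic, then widen to size_t so the +1 cannot wrap.
 * Returns 0 for a rejected size (a valid result is always >= 1). */
size_t checked_symlink_alloc_len(uint32_t inode_size)
{
    if (inode_size > MAX_SYMLINK_TARGET_LEN)
        return 0;
    return (size_t)inode_size + 1;
}

/* Copy a symlink target into a fresh NUL-terminated buffer, or return NULL
 * for a malformed inode. `raw` stands in for the bytes the driver would
 * read from the inode; calloc stands in for its zeroing allocator. */
char *read_symlink_target(uint32_t inode_size, const char *raw)
{
    size_t len = checked_symlink_alloc_len(inode_size);
    if (len == 0)
        return NULL;
    char *buf = calloc(1, len);
    if (buf)
        memcpy(buf, raw, inode_size);   /* fits: buf has inode_size+1 bytes */
    return buf;
}
int main(void)
{
    uint32_t crafted = 0xffffffffu;     /* constructed malicious inode size */
    printf("unchecked len: %u\n", unchecked_symlink_alloc_len(crafted));
    printf("hardened rejects: %s\n", read_symlink_target(crafted, "") ? "no" : "yes");
    char *t = read_symlink_target(12, "/boot/zImage");  /* constructed valid link */
    printf("hardened reads: %s\n", t ? t : "(null)");
    free(t);
    return 0;
}
```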
Details
- CWE(s)