Main Vulnerability Database Vulnerabilities #VU105293

#VU105293 Integer overflow in Universal Boot Loader (U-Boot) - CVE-2024-57255

Published: March 4, 2025

Vulnerability identifier: #VU105293

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-57255

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Universal Boot Loader (U-Boot)

Software vendor:
DENX

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the sqfs_resolve_symlink() function. A local user can use a specially crafted squashfs filesystem with an inode size of 0xffffffff to trigger integer overflow and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356
https://www.openwall.com/lists/oss-security/2025/02/17/2

#VU105293 Integer overflow in Universal Boot Loader (U-Boot) - CVE-2024-57255

Description

Remediation

External links

Please verify you're human