#VU105297 Off-by-one in U-Boot - CVE-2024-57259

Cybersecurity Help s.r.o.

Published: 2025-03-04

Vulnerability identifier: #VU105297

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57259

CWE-ID: CWE-193

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
U-Boot
Client/Desktop applications / Other client software

Vendor: DENX

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error within the sqfs_search_dir() function. A local user can trigger memory corruption for squashfs directory listing and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

U-Boot: 2020.01 rc1 - 2024.10

External links
https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e
https://www.openwall.com/lists/oss-security/2025/02/17/2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP3 update for uboot-tools

openEuler 22.03 LTS SP4 update for uboot-tools

openEuler 24.03 LTS update for uboot-tools

openEuler 24.03 LTS SP1 update for uboot-tools

Multiple vulnerabilities in U-Boot