CVE-2024-57256

CVE-2024-57256

Name

CVE-2024-57256

Description

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/02/17/2

Type

URI

cve@mitre.org

https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9

cve@mitre.org

https://www.openwall.com/lists/oss-security/2025/02/17/2

CPE URI	Source package	Min version	Max version
	u-boot	>= 0	< 2025.01-rc1

CPE URI

Source package

Min version

Max version

u-boot

>= 0

< 2025.01-rc1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
u-boot	edge-main	2024.10-r2	Milan P. Stanić <mps@arvanta.net>	possibly vulnerable
u-boot	edge-main	2024.10-r3	Milan P. Stanić <mps@arvanta.net>	possibly vulnerable
u-boot	edge-main	2025.01-r0	Milan P. Stanić <mps@arvanta.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

u-boot

edge-main

2024.10-r2

Milan P. Stanić <mps@arvanta.net>

possibly vulnerable

u-boot

edge-main