CVE-2024-57258

HIGH EPSS 14.1%
Published Feb 18, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
7.8 CVSS 3.1
High

Description

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
14.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190: Integer Overflow or Wraparound (Numeric Error)

Affected Products 1

Vendor   Product   Version Range
denx     u-boot    * ≤2024.10

References 6

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-577017.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html
  • source.denx.de https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3
    Patch
  • source.denx.de https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f
    Patch
  • source.denx.de https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0
    Patch
  • openwall.com https://www.openwall.com/lists/oss-security/2025/02/17/2
    Mailing List, Mitigation, Third Party Advisory

Remediation

  • source.denx.de https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3
    Patch
  • source.denx.de https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f
    Patch
  • source.denx.de https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0
    Patch