CVE-2024-57258

Published: Feb 18, 2025

Modified: May 12, 2026

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

Vendor	Product	Versions
denx	U-Boot	affected `0 - < 2025.01-rc1`

Weaknesses (CWE)

CWE-190

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3

https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f

https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0

https://www.openwall.com/lists/oss-security/2025/02/17/2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-57258

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References