CVE-2024-57254

Published Feb 18, 2025

Last updated 9 days ago

CVSS high 7.1

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-57254 is an integer overflow vulnerability found in Das U-Boot (Universal Boot Loader) prior to version 2025.01-rc1. The vulnerability exists in the `sqfs_inode_size` function during the calculation of symlink size. Specifically, it can be triggered by a specially crafted SquashFS filesystem, potentially leading to further vulnerabilities, especially if the size calculation is used for resource management or execution control. Das U-Boot is a widely used boot loader in embedded systems, often used to initialize hardware and load the operating system. A SquashFS filesystem is a compressed read-only filesystem commonly used in embedded systems due to its small size. Exploiting this vulnerability requires local access. Upgrading to Das U-Boot version 2025.01-rc1 or later mitigates this vulnerability.

Description
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
6
Exploitability score
0.5
Vector string
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-190

Social media

Hype score
Not currently trending

  1. CVE-2024-57254 An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. https://t.co/LwxkB4lw6K

    @CVEnew

    18 Feb 2025

    467 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. New post from https://t.co/uXvPWJy6tj (CVE-2024-57254 | DENEX U-Boot prior 2025.01-rc1 SquashFS Symlink Size Calculation integer overflow) has been published on https://t.co/yeKpfxeKSC

    @WolfgangSesin

    18 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. U-Boot vulnerabilities https://t.co/T90biu2d32 CVE-2024-57254: Integer overflow in SquashFS symlink size calculation function CVE-2024-57255: Integer overflow in SquashFS symlink resolution function CVE-2024-57256: Integer overflow in ext4 symlink resolution function + next tweet

    @oss_security

    17 Feb 2025

    2805 Impressions

    6 Retweets

    20 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

References