CVE-2024-57256

Published Feb 18, 2025

Last updated 9 days ago

CVSS high 7.1

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-57256 is an integer overflow vulnerability found in the ext4 symlink resolution function of Das U-Boot (Universal Boot Loader). This vulnerability allows an attacker who can manipulate ext4 filesystem data structures to potentially corrupt memory within U-Boot. Systems using verified boot could have their chain of trust bypassed, enabling malicious code execution. U-Boot is a widely used boot loader for embedded systems based on various processors, including PowerPC, ARM, and MIPS. It initializes and tests hardware, and loads/runs application code. The vulnerability affects versions of U-Boot prior to 2025.01-rc1. Upgrading to version 2025.01-rc1 or later mitigates this vulnerability.

Description
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
6
Exploitability score
0.5
Vector string
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-190

Social media

Hype score
Not currently trending

  1. CVE-2024-57256 An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an i… https://t.co/R2L8dM4lug

    @CVEnew

    18 Feb 2025

    463 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. New post from https://t.co/uXvPWJy6tj (CVE-2024-57256 | DENEX U-Boot prior 2025.01-rc1 ext4 Symlink Resolution integer overflow) has been published on https://t.co/QIPgvgocBR

    @WolfgangSesin

    18 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. U-Boot vulnerabilities https://t.co/T90biu2d32 CVE-2024-57254: Integer overflow in SquashFS symlink size calculation function CVE-2024-57255: Integer overflow in SquashFS symlink resolution function CVE-2024-57256: Integer overflow in ext4 symlink resolution function + next tweet

    @oss_security

    17 Feb 2025

    2805 Impressions

    6 Retweets

    20 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

References