Stack Consumption Vulnerability in Das U-Boot Product by Denx
CVE-2024-57257

CVSS 2 (LOW)

Key Information:

Vendor: Denx

Status
Vendor
CVE Published: 18 February 2025

What is CVE-2024-57257?

A stack consumption vulnerability has been identified in the sqfs_size functionality of Das U-Boot prior to version 2025.01-rc1. This issue arises when handling crafted squashfs filesystems that employ excessive symlink nesting, potentially leading to stack overflow scenarios. It is crucial for users and administrators to evaluate their deployments and update to the latest version to mitigate any associated risks.

Affected Version(s)

U-Boot: versions from 0 up to, but not including, 2025.01-rc1

CVSS V3.1

Score: 2
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published