Skip to main content

U Boot CVE-2024-57254

HIGH
Integer Overflow or Wraparound (CWE-190)
2025-02-18 cve@mitre.org
Buffer Overflow Integer Overflow Suse U Boot
7.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:27 vuln.today
Patch released
Mar 28, 2026 - 18:27 nvd
Patch available
CVE Published
Feb 18, 2025 - 23:15 nvd
HIGH 7.1

DescriptionNVD

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.

AnalysisAI

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. Affected products include: Denx U-Boot. Version information: before 2025.01.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More from same product – last 7 days

CVE-2026-9256 HIGH
8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Share

CVE-2024-57254 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy