What is the CVSS score of CVE-2024-57255?

CVE-2024-57255 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of U Boot are affected by CVE-2024-57255?

Organizations using sqfs_resolve_symlink in Das U-Boot face moderate risk from CVE-2024-57255, a integer overflow vulnerability rated CVSS 7.1.. A patch is available.

How to fix or mitigate CVE-2024-57255?

Within 7 days: Identify all affected systems running sqfs_resolve_symlink in Das U-Boot and apply vendor patches promptly. Vendor patch is available.

U Boot CVE-2024-57255

HIGH

Integer Overflow or Wraparound (CWE-190)

2025-02-18 cve@mitre.org

Buffer Overflow Integer Overflow Suse U Boot

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:27 vuln.today

Patch released

Mar 28, 2026 - 18:27 nvd

Patch available

CVE Published

Feb 18, 2025 - 23:15 nvd

HIGH 7.1

DescriptionNVD

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. Affected products include: Denx U-Boot. Version information: before 2025.01.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2024-57255 vulnerability details – vuln.today

Back

U Boot CVE-2024-57255

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code