What is the CVSS score of CVE-2024-57259?

CVE-2024-57259 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of U Boot are affected by CVE-2024-57259?

Organizations using Das U-Boot face moderate risk from CVE-2024-57259 rated CVSS 7.1. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2024-57259?

Within 7 days: Identify all affected systems running Das U-Boot and apply vendor patches promptly. Vendor patch is available.

U Boot CVE-2024-57259

HIGH

Off-by-one Error (CWE-193)

2025-02-18 cve@mitre.org

Buffer Overflow U Boot Suse

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

SUSE

HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:27 vuln.today

Patch released

Mar 28, 2026 - 18:27 nvd

Patch available

CVE Published

Feb 18, 2025 - 23:15 nvd

HIGH 7.1

DescriptionCVE.org

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

AnalysisAI

Technical ContextAI

This vulnerability is classified under CWE-193. sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. Affected products include: Denx U-Boot. Version information: before 2025.01.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

SUSE

Severity: High

Product	Status
SUSE Linux Enterprise Micro 5.2	Fixed
SUSE Linux Enterprise Micro 5.3	Fixed
SUSE Linux Enterprise Micro 5.4	Fixed
SUSE Linux Enterprise Micro 5.5	Fixed
SUSE Linux Micro 6.0	Fixed

CVE-2024-57259 vulnerability details – vuln.today

Back

SUSE Linux Micro 6.1	Fixed
openSUSE Leap 15.6	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS	Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP6	Fixed
SUSE Linux Enterprise Server 12 SP5	Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS	Fixed
SUSE Linux Enterprise Server 15 SP4-LTSS	Fixed
SUSE Linux Enterprise Server 15 SP5-LTSS	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP6	Fixed
SUSE Manager Proxy 4.3	Fixed
SUSE Manager Retail Branch Server 4.3	Fixed
SUSE Manager Server 4.3	Fixed
SUSE CaaS Platform 4.0	Fixed
SUSE Enterprise Storage 6	Fixed
SUSE Enterprise Storage 6	Fixed
SUSE Linux Enterprise Desktop 15	Fixed
SUSE Linux Enterprise Desktop 15	Fixed
SUSE Linux Enterprise Desktop 15 SP1	Fixed
SUSE Linux Enterprise Desktop 15 SP1	Fixed
SUSE Linux Enterprise Desktop 15 SP6	Fixed
SUSE Linux Enterprise High Performance Computing 15	Fixed
SUSE Linux Enterprise High Performance Computing 15	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP1	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP1	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS	Fixed
SUSE Linux Enterprise High Performance Computing 15 SP6	Fixed
SUSE Linux Enterprise High Performance Computing 15-ESPOS	Fixed
SUSE Linux Enterprise High Performance Computing 15-ESPOS	Fixed
SUSE Linux Enterprise High Performance Computing 15-LTSS	Fixed
SUSE Linux Enterprise High Performance Computing 15-LTSS	Fixed
SUSE Linux Enterprise Module for Basesystem 15	Fixed
SUSE Linux Enterprise Module for Basesystem 15	Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP1	Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP1	Fixed
SUSE Linux Enterprise Server 12 SP4	Fixed
SUSE Linux Enterprise Server 12 SP4	Fixed
SUSE Linux Enterprise Server 12 SP4-ESPOS	Fixed
SUSE Linux Enterprise Server 12 SP4-ESPOS	Fixed
SUSE Linux Enterprise Server 12 SP4-LTSS	Fixed
SUSE Linux Enterprise Server 12 SP4-LTSS	Fixed
SUSE Linux Enterprise Server 15	Fixed
SUSE Linux Enterprise Server 15	Fixed
SUSE Linux Enterprise Server 15 SP1	Fixed
SUSE Linux Enterprise Server 15 SP1	Fixed
SUSE Linux Enterprise Server 15 SP1-BCL	Fixed
SUSE Linux Enterprise Server 15 SP1-LTSS	Fixed
SUSE Linux Enterprise Server 15 SP1-LTSS	Fixed
SUSE Linux Enterprise Server 15 SP2-LTSS	Fixed
SUSE Linux Enterprise Server 15 SP3-LTSS	Fixed
SUSE Linux Enterprise Server 15 SP6	Fixed
SUSE Linux Enterprise Server 15-LTSS	Fixed
SUSE Linux Enterprise Server 15-LTSS	Fixed
SUSE Linux Enterprise Server for SAP Applications 15	Fixed
SUSE Linux Enterprise Server for SAP Applications 15	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP1	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP1	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP3	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP4	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP5	Fixed
SUSE Manager Proxy 4.0	Fixed
SUSE Manager Proxy 4.0	Fixed
SUSE Manager Retail Branch Server 4.0	Fixed
SUSE Manager Retail Branch Server 4.0	Fixed
SUSE Manager Server 4.0	Fixed
SUSE Manager Server 4.0	Fixed

U Boot CVE-2024-57259

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code