CVE-2024-57256
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Feb 18, 2025
Updated: Feb 19, 2025
CWE ID 190
Summary
CVE-2024-57256 is a newly disclosed vulnerability affecting Das U-Boot before version 2025.01-rc1. The issue stems from an integer overflow in the function ext4fs_read_symlink. When a specially crafted ext4 filesystem has an inline size of 0xffffffff, the zalloc call adds one to an le32 variable, which wraps around and results in a malloc request of zero bytes. The subsequent memory overwrite can lead to potential code injection or other unintended behavior.
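The wraparound described in the summary, next to a bounds-checked form, as an added example (a simplified model, not U-Boot source or the upstream fix). The function names, the constructed sample data and the MAX_SYMLINK_LEN bound of 4096 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for a symlink target; not a value from the page. */
#define MAX_SYMLINK_LEN 4096u

/* Vulnerable pattern: length + 1 computed in 32 bits, as in the summary. */
uint32_t alloc_len_unchecked(uint32_t size)
{
    return size + 1u;               /* 0xffffffff + 1 wraps to 0 */
}

/* Hardened pattern: bound the on-disk size, then widen before adding. */
int alloc_len_checked(uint32_t size, size_t *out_len)
{
    if (size > MAX_SYMLINK_LEN)
        return -1;
    *out_len = (size_t)size + 1u;
    return 0;
}

/* Copy `size` bytes of symlink target from `src` (src_len bytes valid)
 * into a new NUL-terminated buffer; NULL if the size is not acceptable. */
char *read_symlink_checked(const uint8_t *src, size_t src_len, uint32_t size)
{
    size_t len;
    char *buf;
    if (alloc_len_checked(size, &len) != 0 || size > src_len)
        return NULL;
    buf = calloc(1, len);           /* zeroed, so the copy stays terminated */
    if (buf)
        memcpy(buf, src, size);
    return buf;
}

int main(void)
{
    const uint8_t src[] = "target"; /* constructed sample data */
    char *ok = read_symlink_checked(src, 6, 6);
    printf("unchecked length for 0xffffffff: %u\n",
           (unsigned)alloc_len_unchecked(0xffffffffu));
    printf("checked read, size 6: %s\n", ok ? ok : "(rejected)");
    printf("checked read, size 0xffffffff: %s\n",
           read_symlink_checked(src, 6, 0xffffffffu) ? "ok" : "(rejected)");
    free(ok);
    return 0;
}
```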