CVE-2024-57262

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 19, 2025

CWE ID 190

Summary

CVE-2024-57262 is a newly disclosed vulnerability affecting the barebox bootloader before version 2025.01.0. This issue involves an integer overflow in the function ext4fs_read_symlink, which occurs when processing a crafted ext4 filesystem with an inode size of 0xffffffff. The result is a malloc of zero, leading to a memory overwrite. This vulnerability shares similarities with CVE-2024-57256, as both exploit integer overflow vulnerabilities in the barebox bootloader. Successful exploitation could allow an attacker to gain unauthorized access or execute arbitrary code during the boot process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T5bb1
https://www.cve.org/CVERecord?id=CVE-2024-57262
https://nvd.nist.gov/vuln/detail/CVE-2024-57262

Back to Vulnerability Database

CVE-2024-57262

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations