CVE-2024-57256
EUVD-2025-476518.02.2025, 23:15
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| denx | u-boot | 𝑥 ≤ 2024.10 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX MX5000RE | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1400 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1500 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1501 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1510 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1511 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1512 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1524 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1536 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX5000 | 𝑥 < V2.17.1 | ADP |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| u-boot-rpiarm64 |
| ||||||||||||
| u-boot-rpiarm64-doc |
| ||||||||||||
| u-boot-tools |
|