## Summary

- *Identifier:* sigma-star-sa-2024-002
- *Vendor:* -
- *Product/Software:* [U-Boot](https://source.denx.de/u-boot)
- *Affected versions:* <= 2024.10
- *Fixed versions:* v2025.01-rc1
- *CVE IDs:* CVE-2024-57254, CVE-2024-57255, CVE-2024-57256, CVE-2024-57257, CVE-2024-57258, CVE-2024-57259

## Affected Product and Vendor

> U-Boot, a boot loader for Embedded boards based on PowerPC, ARM,
> MIPS and several other processors, which can be installed in a boot
> ROM and used to initialize and test the hardware or to download
> and run application code.

Source: https://source.denx.de/u-boot/u-boot/-/blob/master/README

## Description

Multiple vulnerabilities have been found in U-Boot:

- CVE-2024-57254: Integer overflow in U-Boot’s SquashFS symlink size calculation function
- CVE-2024-57255: Integer overflow in U-Boot’s SquashFS symlink resolution function
- CVE-2024-57256: Integer overflow in U-Boot’s ext4 symlink resolution function
- CVE-2024-57257: Stack overflow in U-Boot’s SquashFS symlink resolution function
- CVE-2024-57258: Multiple integer overflows in U-Boot’s memory allocator
- CVE-2024-57259: Heap corruption in U-Boot’s SquashFS directory listing function

## Impact

An attacker capable of modifying ext4 or SquashFS filesystem data structures
can exploit multiple memory corruption vulnerabilities in U-Boot.
On systems that rely on verified boot, these vulnerabilities allow the attacker
to bypass the chain of trust and achieve code execution.
CVE-2024-57258 may also be exploited in U-Boot through subsystems other than
ext4 or SquashFS.

## Mitigation

Upgrade to version v2025.01-rc1 or newer.
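
To find images that still need this upgrade, the following added example (not part of the advisory or of U-Boot) scans a firmware blob for U-Boot version banners and flags any that predate v2025.01-rc1. It assumes the usual `U-Boot [SPL |TPL ]<year>.<month>[-rcN]` banner string; the function names and the sample bytes are constructed for illustration.

```python
import re

# Assumed banner format: "U-Boot 2024.10 (...)" or "U-Boot SPL 2024.10-rc3 (...)".
# Local suffixes such as "-00012-gdeadbeef-dirty" are ignored by the match.
BANNER = re.compile(rb"U-Boot (?:SPL |TPL )?(\d{4})\.(\d{2})(?:-rc(\d+))?")

FIXED = (2025, 1, 1)   # v2025.01-rc1, the fixed version named in the advisory
RELEASE = 10**6        # sorts a final release after all of its -rc tags


def parse_versions(blob: bytes):
    """Return the sorted (year, month, rc) tuples found in a firmware blob."""
    found = set()
    for m in BANNER.finditer(blob):
        year, month = int(m.group(1)), int(m.group(2))
        rc = int(m.group(3)) if m.group(3) else RELEASE
        found.add((year, month, rc))
    return sorted(found)


def is_affected(version) -> bool:
    """True if the version predates v2025.01-rc1 (advisory: affected <= 2024.10)."""
    return version < FIXED


def fmt(version) -> str:
    """Render a (year, month, rc) tuple back into U-Boot's version notation."""
    year, month, rc = version
    return f"{year}.{month:02d}" + ("" if rc == RELEASE else f"-rc{rc}")


def audit(blob: bytes):
    """Map each banner version found in the blob to its affected status."""
    return {fmt(v): is_affected(v) for v in parse_versions(blob)}


# Constructed sample: bytes resembling a flash dump that holds two boot stages.
SAMPLE = (b"\x00\xff\x7fELF..U-Boot SPL 2024.10 (Oct 07 2024 - 10:00:00 +0000)\x00"
          b"\x00padding\x00U-Boot 2025.01-rc1 (Nov 01 2024 - 09:00:00 +0000)\x00")

if __name__ == "__main__":
    for ver, bad in audit(SAMPLE).items():
        print(f"U-Boot {ver}: {'AFFECTED, upgrade' if bad else 'contains fix'}")
```

A banner match is only a heuristic: a vendor tree that backported the patches listed below keeps its old version string, so confirm against those commits before drawing a conclusion.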

## Patches

- https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d
- https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356
- https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9
- https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34
- https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3
- https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f
- https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0
- https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e

## Credits

- Richard Weinberger ([sigma star gmbh](https://sigma-star.at))
- David Gstir ([sigma star gmbh](https://sigma-star.at))

-- 
sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT UID/VAT Nr: ATU 66964118 | FN: 374287y

