CVE-2024-57254 — Vulnetix

CVE-2024-57254 PUBLISHED CVSS 7.099999904632568 HIGH

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.

EPSS 0.06% · 19.5th percentile

Risk Scores

CVSS 3.1

7.099999904632568

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.06%

19.5th percentile

Affected Products

Vendor	Product	Versions
denx	U-Boot	0
denx	u-boot	0, 0

Exploit Intelligence

CIRCL seen: CVE-2024-57254 (circl-sighting)
https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html (circl)
https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d (circl)
https://www.openwall.com/lists/oss-security/2025/02/17/2 (circl)

Timeline

Feb 18, 2025 CVE Published
Feb 18, 2025 PoC Published
Feb 19, 2025 EPSS Score
Feb 19, 2025 Coalition ESS Score
Mar 1, 2025 Coalition ESS Score
Mar 5, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 17, 2025 EPSS Score
May 2, 2025 EPSS Score
May 16, 2025 EPSS Score
May 30, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›