Description
Security update for u-boot
This update for u-boot fixes the following issues:
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
Package list
openSUSE Leap 15.6
u-boot-xilinxzynqmpgeneric-2020.01-150200.10.18.1
u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.18.1
References
- Link for SUSE-SU-2025:0755-1
- E-Mail link for SUSE-SU-2025:0755-1
- SUSE Security Ratings
- SUSE Bug 1237284
- SUSE Bug 1237287
- SUSE CVE CVE-2024-57256 page
- SUSE CVE CVE-2024-57258 page
Description
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
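The wrap-around described above, as an added example (not U-Boot's code and not part of the advisory): a 32-bit on-disk size plus one for the terminator wraps to zero at 0xffffffff, and a checked variant rejects that value before allocating. The function names and the `SYMLINK_MAX_LEN` bound are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for a symlink target; chosen for this example only. */
#define SYMLINK_MAX_LEN 4096u

/* Unchecked pattern: "size + 1" is evaluated in 32-bit arithmetic, so an
 * on-disk size of 0xffffffff yields an allocation length of 0. */
uint32_t unchecked_alloc_len(uint32_t disk_size)
{
    return disk_size + 1u;
}

/* Checked pattern: reject sizes that would wrap or exceed the bound.
 * Returns 0 and stores the allocation length in *out, or -1 on rejection. */
int checked_alloc_len(uint32_t disk_size, size_t *out)
{
    if (disk_size == UINT32_MAX)      /* + 1 would wrap to 0 */
        return -1;
    if (disk_size > SYMLINK_MAX_LEN)  /* implausible for a symlink target */
        return -1;
    *out = (size_t)disk_size + 1u;
    return 0;
}

/* Copy a symlink target of disk_size bytes out of src (src_len bytes are
 * actually available). Returns a NUL-terminated heap copy, or NULL. */
char *read_symlink_checked(const uint8_t *src, size_t src_len,
                           uint32_t disk_size)
{
    size_t n;
    char *buf;

    if (checked_alloc_len(disk_size, &n) != 0)
        return NULL;
    if (disk_size > src_len)          /* never read past the source data */
        return NULL;
    buf = calloc(1, n);               /* zeroed, so the copy is terminated */
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, disk_size);
    return buf;
}
```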
Affected products
openSUSE Leap 15.6:u-boot-xilinxzynqmpgeneric-2020.01-150200.10.18.1
openSUSE Leap 15.6:u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.18.1
References
- CVE-2024-57256
- SUSE Bug 1237284
Description
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
Affected products
openSUSE Leap 15.6:u-boot-xilinxzynqmpgeneric-2020.01-150200.10.18.1
openSUSE Leap 15.6:u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.18.1
References
- CVE-2024-57258
- SUSE Bug 1237287