High severity7.1NVD Advisory· Published Feb 19, 2025· Updated Apr 15, 2026

CVE-2024-57262

Description

In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.

Patches

a2b76550f7d8

https://git.pengutronix.de/cgit/bareboxvia osv

a2b76550f7d8

https://git.pengutronix.de/cgit/bareboxvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

git.pengutronix.de/cgit/barebox/commit/nvd
git.pengutronix.de/cgit/barebox/commit/nvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000