rpm package
opensuse/u-boot-xilinxzynqmpvirt&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/u-boot-xilinxzynqmpvirt&distro=openSUSE%20Leap%2015.6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57258 | Hig | 7.1 | < 2021.10-150600.11.3.1 | 2021.10-150600.11.3.1 | Feb 18, 2025 | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. | |
| CVE-2024-57256 | Hig | 7.1 | < 2021.10-150600.11.3.1 | 2021.10-150600.11.3.1 | Feb 18, 2025 | An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. |
- affected < 2021.10-150600.11.3.1fixed 2021.10-150600.11.3.1
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
- affected < 2021.10-150600.11.3.1fixed 2021.10-150600.11.3.1
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.