rpm package
suse/u-boot-rpiarm64&distro=SUSE Linux Enterprise Micro 5.3
pkg:rpm/suse/u-boot-rpiarm64&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57258 | Hig | 7.1 | < 2021.10-150400.4.14.1 | 2021.10-150400.4.14.1 | Feb 18, 2025 | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. | |
| CVE-2024-57256 | Hig | 7.1 | < 2021.10-150400.4.14.1 | 2021.10-150400.4.14.1 | Feb 18, 2025 | An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. |
- affected < 2021.10-150400.4.14.1fixed 2021.10-150400.4.14.1
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
- affected < 2021.10-150400.4.14.1fixed 2021.10-150400.4.14.1
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.