git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
u-boot: fix CVE-2024-57255
author Hongxu Jia <hongxu.jia@windriver.com>
Wed, 19 Feb 2025 08:18:15 +0000 (16:18 +0800)
committer Steve Sakoman <steve@sakoman.com>
Wed, 19 Feb 2025 15:05:14 +0000 (07:05 -0800)
commit 687b6e0a166d7dc999b7d226a9bd68155f59a03a
tree 175d13e3da9bcdfa062e0ded8812f95c6617a343
parent 956836ab347e9112be0f8892b1b82c4bcb17990c

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.

https://nvd.nist.gov/vuln/detail/CVE-2024-57255

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch [new file with mode: 0644]
meta/recipes-bsp/u-boot/u-boot_2022.01.bb
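
The bug class named in the commit message, shown as an added example that is neither U-Boot's code nor the contents of CVE-2024-57255.patch: a 32-bit on-disk size of 0xffffffff wraps to 0 when one byte is added for a terminator, so the allocation is empty while the copy still uses the original size. The function names and the "size + 1" shape are assumptions for illustration; the extra check against the bytes available in the source buffer goes beyond what the commit message states.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked form (hypothetical): 32-bit arithmetic on an on-disk size field.
 * With inode_size == 0xffffffff the sum wraps to 0, so malloc() gets 0. */
static uint32_t unchecked_alloc_len(uint32_t inode_size)
{
    return inode_size + 1u; /* room for the terminating NUL */
}

/* Checked form: reject a size whose +1 wraps, and a size larger than the
 * bytes actually present in the buffer the target is copied from. */
static int checked_alloc_len(uint32_t inode_size, size_t avail, uint32_t *len)
{
    if (__builtin_add_overflow(inode_size, 1u, len))
        return -1;
    if (inode_size > avail)
        return -1;
    return 0;
}

/* Copy a symlink target out of a metadata buffer and NUL-terminate it.
 * Returns NULL when the size field is rejected or allocation fails. */
static char *copy_symlink_target(const uint8_t *data, size_t avail,
                                 uint32_t inode_size)
{
    uint32_t len;
    char *target;

    if (checked_alloc_len(inode_size, avail, &len) != 0)
        return NULL;
    target = malloc(len);
    if (!target)
        return NULL;
    memcpy(target, data, inode_size);
    target[inode_size] = '\0';
    return target;
}

int main(void)
{
    const uint8_t meta[16] = "a/b/c"; /* constructed sample metadata */
    char *ok = copy_symlink_target(meta, sizeof(meta), 5);

    printf("unchecked len for 0xffffffff: %u\n", unchecked_alloc_len(0xffffffffu));
    printf("valid target: %s\n", ok ? ok : "(rejected)");
    printf("crafted size accepted: %s\n",
           copy_symlink_target(meta, sizeof(meta), 0xffffffffu) ? "yes" : "no");
    free(ok);
    return 0;
}
```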