git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

projects / thirdparty / openembedded / openembedded-core.git / commit

author	Hongxu Jia <hongxu.jia@windriver.com>
	Wed, 19 Feb 2025 07:04:34 +0000 (15:04 +0800)
committer	Steve Sakoman <steve@sakoman.com>
	Wed, 19 Feb 2025 14:38:59 +0000 (06:38 -0800)
commit	c3784c108f003c6663ca969585414e4a90f06606
tree	1032d74bf1785ccda6ac9771d4d1d223b5bd4b61	tree \| snapshot
parent	eea9fee59bc7576bef94f0da466887e4daff0356	commit \| diff

u-boot: fix CVE-2024-57255

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.

https://nvd.nist.gov/vuln/detail/CVE-2024-57255

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch	[new file with mode: 0644]	blob
meta/recipes-bsp/u-boot/u-boot-common.inc		diff \| blob \| blame \| history

Mirror of git://git.openembedded.org/openembedded-core

RSS Atom