U-Boot 中的多个漏洞
这篇文章报告了U-Boot中的多个安全漏洞(包括整数溢出、堆栈溢出和堆损坏等),影响版本为<= 2024.10。攻击者可利用这些漏洞绕过信任链并执行代码。建议升级至v2025.01-rc1或更高版本以修复问题。 2025-2-17 16:35:0 Author: seclists.org(查看原文) 阅读量:3 收藏
这篇文章报告了U-Boot中的多个安全漏洞(包括整数溢出、堆栈溢出和堆损坏等),影响版本为<= 2024.10。攻击者可利用这些漏洞绕过信任链并执行代码。建议升级至v2025.01-rc1或更高版本以修复问题。 2025-2-17 16:35:0 Author: seclists.org(查看原文) 阅读量:3 收藏
oss-sec mailing list archives
From: Richard Weinberger <richard () sigma-star at>
Date: Mon, 17 Feb 2025 14:44:54 +0100
## Summary - *Identifier:* sigma-star-sa-2024-002 - *Vendor:* - - *Product/Software:* [U-Boot](https://source.denx.de/u-boot) - *Affected versions:* <= 2024.10 - *Fixed versions:* v2025.01-rc1 - *CVE IDs:* CVE-2024-57254, CVE-2024-57255, CVE-2024-57256, CVE-2024-57257, CVE-2024-57258, CVE-2024-57259 ## Affected Product and Vendor
U-Boot, a boot loader for Embedded boards based on PowerPC, ARM, MIPS and several other processors, which can be installed in a boot ROM and used to initialize and test the hardware or to download and run application code.
Source: https://source.denx.de/u-boot/u-boot/-/blob/master/README ## Description Multuple vulnerabilities have been found in U-Boot: - CVE-2024-57254: Integer overflow in U-Boot’s SquashFS symlink size calculation function - CVE-2024-57255: Integer overflow in U-Boot’s SquashFS symlink resolution function - CVE-2024-57256: Integer overflow in U-Boot’s ext4 symlink resolution function - CVE-2024-57257: Stack overflow in U-Boot’s SquashFS symlink resolution function - CVE-2024-57258: Multiple integer overflows in U-Boot’s memory allocator - CVE-2024-57259: Heap corruption in U-Boot’s SquashFS directory listing function ## Impact An attacker capable of modifying ext4 or SquashFS filesystem data structures can exploit multiple memory corruption vulnerabilities in U-Boot. For systems that rely on verified boot, these vulnerabilities allow an attacker to bypass the chain of trust and achieve code execution by exploiting these issues. CVE-2024-57258 may also be exploited in U-Boot through other subsystems than ext4 or SquashFS. ## Mitigation Upgrade to version v2025.01-rc1 or newer. ## Patches - https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d - https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356 - https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9 - https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34 - https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3 - https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f - https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0 - https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e ## Credits - Richard Weinberger ([sigma star gmbh](https://sigma-star.at) - David Gstir ([sigma star gmbh](https://sigma-star.at) -- sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT UID/VAT Nr: ATU 66964118 | FN: 374287y
Current thread:
- Multiple Vulnerabilities in U-Boot Richard Weinberger (Feb 17)
文章来源: https://seclists.org/oss-sec/2025/q1/143
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh