oss-sec mailing list archives

## Summary

- *Identifier:*                   sigma-star-sa-2024-003
- *Vendor:*                       -
- *Product/Software:*             [Barebox](https://barebox.org)
- *Affected versions:*            < v2025.01.0
- *Fixed versions:*               v2025.01.0
- *CVE IDs:*                      CVE-2024-57260, CVE-2024-57261, CVE-2024-57262

## Affected Product and Vendor

barebox is a bootloader designed for embedded systems.
It runs on a variety of architectures including x86, ARM, MIPS, RISC-V and
others.  barebox aims to be a versatile and flexible bootloader, not only
for booting embedded Linux systems, but also for initial hardware bringup
and development.  barebox is highly configurable to be suitable as a full-
featured development binary as well as for lean production systems.
Just like busybox is the Swiss Army Knife for embedded Linux,
barebox is the Swiss Army Knife for bare metal, hence the name.

Source: https://barebox.org/

## Description

Multuple vulnerabilities have been found in Barebox:

- CVE-2024-57260: Multiple vulnerabilities in Barebox’s SquashFS due to missing patches from Linux
- CVE-2024-57261: Integer overflow in Barebox’s memory allocator
- CVE-2024-57262: Integer overflow in Barebox’s SquashFS symlink resolution function

## Impact

An attacker capable of modifying ext4 or SquashFS filesystem data structures
can exploit multiple memory corruption vulnerabilities in Barebox.
For systems that rely on verified boot, these vulnerabilities allow an attacker
to bypass the chain of trust and achieve code execution by exploiting these
issues.
CVE-2024-57261 may also be exploited in Barebox through other subsystems than ext4 or SquashFS.

## Mitigation

Upgrade to version v2025.01.0 or newer.

## Patches

- https://git.pengutronix.de/cgit/barebox/commit/?id=ced445748477037e88f118b6d67409e0f3f2ea76
- https://git.pengutronix.de/cgit/barebox/commit/?id=12c3770203e2b264a796b43a54c6dd5f9fe3d2f0
- https://git.pengutronix.de/cgit/barebox/commit/?id=efe52dae380ab1e0bfdc2ee1575cf95da7061d99
- https://git.pengutronix.de/cgit/barebox/commit/?id=b8bd710ec1c90d032a461d57e522a8f985809278
- https://git.pengutronix.de/cgit/barebox/commit/?id=f034651371945a66069c2e9ff5a711211f650d0d
- https://git.pengutronix.de/cgit/barebox/commit/?id=7cf25e0733f08f68d1bf0ca0c3cf6e2dfe51bd3c
- https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d87ba6f88a9ea50e71f107b514ff4e


## Credits

- Richard Weinberger ([sigma star gmbh](https://sigma-star.at)
- David Gstir ([sigma star gmbh](https://sigma-star.at)

-- 
​​​​​sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT UID/VAT Nr:
ATU 66964118 | FN: 374287y

Current thread:

• Multiple Vulnerabilities in Barebox Richard Weinberger (Feb 17)