u-boot: fix CVE-2024-57255 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Hongxu Jia <hongxu.jia@windriver.com>	2025-02-19 15:04:34 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-02-28 06:45:14 -0800
commit	618c5fdb1461891a812bce5131339873a96b12fe (patch)
tree	2ab1f8b4d3e4ff64f64327e652b96290348d69a1 /scripts/lib/devtool/utilcmds.py
parent	ec0e90ce423f8cba7b52a4452f5c32a50dce230d (diff)
download	poky-618c5fdb1461891a812bce5131339873a96b12fe.tar.gz

u-boot: fix CVE-2024-57255

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57255 (From OE-Core rev: c3784c108f003c6663ca969585414e4a90f06606) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/utilcmds.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: