u-boot: fix CVE-2024-57259 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Hongxu Jia <hongxu.jia@windriver.com>	2025-02-19 15:04:38 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-02-28 06:45:14 -0800
commit	c72b542224ec9e0798b202f195f1ad34f1e04ab5 (patch)
tree	6af727c280be86014244176c9f00ba02bd86196d /scripts/lib/devtool/utilcmds.py
parent	297607918a3978b26852a7c8660c89b684211122 (diff)
download	poky-c72b542224ec9e0798b202f195f1ad34f1e04ab5.tar.gz

u-boot: fix CVE-2024-57259

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. https://nvd.nist.gov/vuln/detail/CVE-2024-57259 (From OE-Core rev: 8fad176e6258a44d1ba1eed224cd27745b6a57cf) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/utilcmds.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: