Das U-Boot
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*
- <= 2024.10
An integer overflow vulnerability has been identified in Das U-Boot versions prior to 2025.01-rc1. It occurs in the symlink size calculation within the 'sqfs_inode_size' function when processing a crafted SquashFS filesystem. According to the vendor, the integer overflow can lead to memory corruption, which may be exploited to bypass verified boot and execute arbitrary code.
Exploitation of this vulnerability causes an integer overflow, leading to memory corruption. In systems with verified boot, this allows an attacker to bypass the chain of trust and execute arbitrary code.
Users are advised to upgrade to U-Boot version 2025.01-rc1 or newer.
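The class of bug described above, as an added example that is not U-Boot's code: a size computed as a fixed header plus a length field read from disk, first unchecked and then with an overflow check (GCC/Clang `__builtin_add_overflow`). The struct layout, function names and the extra bounds check against the bytes actually read are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed header of a SquashFS symlink inode (24 bytes);
 * the target path follows it on disk. Not U-Boot's own definition. */
struct symlink_hdr {
    uint16_t inode_type, mode, uid, gid;
    uint32_t mtime, inode_number, nlink;
    uint32_t symlink_size;   /* taken from the image, little-endian */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked: the 32-bit sum wraps, so a huge symlink_size yields a tiny size. */
static int inode_size_unchecked(const uint8_t *raw)
{
    uint32_t len = le32(raw + offsetof(struct symlink_hdr, symlink_size));
    return (int)((uint32_t)sizeof(struct symlink_hdr) + len);
}

/* Checked: reject any sum that does not fit the int result, and any
 * inode that would extend past the bytes actually read from disk. */
static int inode_size_checked(const uint8_t *raw, size_t avail)
{
    uint32_t len;
    int size;
    if (avail < sizeof(struct symlink_hdr))
        return -1;
    len = le32(raw + offsetof(struct symlink_hdr, symlink_size));
    if (__builtin_add_overflow(sizeof(struct symlink_hdr), len, &size))
        return -1;
    if ((size_t)size > avail)
        return -1;
    return size;
}

int main(void)
{
    uint8_t raw[32] = {0};                 /* constructed sample inode */
    memset(raw + 20, 0xff, 4);             /* symlink_size = 0xffffffff */
    printf("%d %d\n", inode_size_unchecked(raw), inode_size_checked(raw, 32));
    return 0;
}
```

With the constructed input the unchecked routine reports a 23-byte inode for a length field of 0xffffffff, while the checked routine rejects it.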