Primary

Context

Das U-Boot Stack Consumption Vulnerability via Deeply Nested Symlinks in SquashFS Filesystems

Vulnerability

Patched

A stack consumption vulnerability has been identified in Das U-Boot bootloader versions through 2024.10. The issue arises in the 'sqfs_size' function, where the bootloader improperly handles deeply nested symlinks within a crafted SquashFS filesystem. This flaw can lead to excessive stack usage, potentially causing a stack overflow.

Impact

Exploitation of this vulnerability causes excessive stack consumption, which can lead to a stack overflow, a common type of buffer overflow where the stack memory is overrun, potentially allowing for arbitrary code execution or causing the system to crash.

Remediation

Users are advised to upgrade to U-Boot version 2025.01-rc1 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Das U-Boot Stack Consumption Vulnerability via Deeply Nested Symlinks in SquashFS Filesystems

Vulnerability

Impact

Remediation

Affected Products

Das U-Boot

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating