Das U-Boot
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*
- <= 2024.10
Multiple integer overflows in the memory allocation process have been identified in Das U-Boot versions prior to 2025.01-rc1. They can be triggered while handling a crafted SquashFS filesystem, through the sbrk function, through the request2size function, or through improper handling of ptrdiff_t on x86_64.
Exploitation of this vulnerability can lead to memory corruption, with potential consequences such as arbitrary code execution, especially in environments that utilize verified boot, where it could allow an attacker to bypass the chain of trust.
Users are advised to upgrade to U-Boot version 2025.01-rc1 or later.
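The bug class described above, as an added example that is not U-Boot's code: a simplified model of allocator request padding and an sbrk-style break adjustment, with the unchecked arithmetic beside a checked form. The names `pad_unchecked`, `pad_checked` and `arena_grow`, the 16-byte alignment, the header size and the arena addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this model: 16-byte alignment, one size_t header. */
#define ALIGN_MASK ((size_t)15)
#define HDR_SZ     (sizeof(size_t))

/* Unchecked padding: req + header + mask wraps to a tiny size near SIZE_MAX. */
static size_t pad_unchecked(size_t req)
{
    return (req + HDR_SZ + ALIGN_MASK) & ~ALIGN_MASK;
}

/* Checked padding: reject requests whose padded size is not representable,
 * or that would turn negative if later stored in a ptrdiff_t. */
static bool pad_checked(size_t req, size_t *out)
{
    if (req > (size_t)PTRDIFF_MAX - HDR_SZ - ALIGN_MASK)
        return false;
    *out = (req + HDR_SZ + ALIGN_MASK) & ~ALIGN_MASK;
    return true;
}

/* Fixed arena with an sbrk-style break pointer (hypothetical structure). */
struct arena { uintptr_t start, brk, end; };

/* Grow the break by nbytes; compare against the remaining room rather than
 * computing brk + nbytes, which could wrap past end. */
static bool arena_grow(struct arena *a, size_t nbytes, uintptr_t *old_brk)
{
    if (nbytes > (size_t)(a->end - a->brk))
        return false;
    *old_brk = a->brk;
    a->brk += nbytes;
    return true;
}

int main(void)
{
    size_t huge = SIZE_MAX - 4, padded = 0;   /* constructed oversized request */
    struct arena a = { 0x1000, 0x1000, 0x2000 };
    uintptr_t old = 0;

    printf("unchecked pad of huge request: %zu\n", pad_unchecked(huge));
    printf("checked pad accepted: %d\n", pad_checked(huge, &padded));
    printf("arena grow accepted: %d\n", arena_grow(&a, huge, &old));
    return 0;
}
```

A length taken from filesystem metadata should pass through a check of this kind before it reaches the allocator, so an oversized value is rejected instead of being padded down to a small chunk.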