UBUNTU-CVE-2024-57256

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-57256

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-57256.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-57256

Related

CVE-2024-57256

Published

2025-02-18T23:15:00Z

Modified

2025-02-20T04:38:47Z

Summary

[none]

Details

An integer overflow in ext4fsreadsymlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

References

Affected packages

Ubuntu:Pro:16.04:LTS / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2016.01+dfsg1-2ubuntu5?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2015.*

2015.04+dfsg1-2ubuntu1

2015.10+dfsg1-2

2015.10+dfsg1-3

2015.10+dfsg1-4

2016.*

2016.01+dfsg1-1

2016.01+dfsg1-1ubuntu1

2016.01+dfsg1-2ubuntu1

2016.01+dfsg1-2ubuntu2

2016.01+dfsg1-2ubuntu3

2016.01+dfsg1-2ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2020.10+dfsg-1ubuntu0~18.04.3?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2016.*

2016.03+dfsg1-6ubuntu2

2018.*

2018.07~rc3+dfsg1-0ubuntu1~18.04.1

2018.07~rc3+dfsg1-0ubuntu2~18.04.1

2018.07~rc3+dfsg1-0ubuntu3~18.04.1

2019.*

2019.07+dfsg-1ubuntu4~18.04.1

2020.*

2020.10+dfsg-1ubuntu0~18.04.2

2020.10+dfsg-1ubuntu0~18.04.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2021.01+dfsg-3ubuntu0~20.04.6?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2019.*

2019.07+dfsg-1ubuntu3

2019.07+dfsg-1ubuntu5

2019.07+dfsg-1ubuntu6

2020.*

2020.10+dfsg-1ubuntu0~20.04.2

2021.*

2021.01+dfsg-3ubuntu0~20.04.1

2021.01+dfsg-3ubuntu0~20.04.3

2021.01+dfsg-3ubuntu0~20.04.4

2021.01+dfsg-3ubuntu0~20.04.5

2021.01+dfsg-3ubuntu0~20.04.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2022.01+dfsg-2ubuntu2.6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.07+dfsg-0ubuntu8

2021.07+dfsg-0ubuntu9

2021.07+dfsg-0ubuntu10

2022.*

2022.01+dfsg-2ubuntu1

2022.01+dfsg-2ubuntu2

2022.01+dfsg-2ubuntu2.1

2022.01+dfsg-2ubuntu2.3

2022.01+dfsg-2ubuntu2.4

2022.01+dfsg-2ubuntu2.5

2022.01+dfsg-2ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / u-boot-nezha

Package

Name: u-boot-nezha
Purl: pkg:deb/ubuntu/u-boot-nezha@2022.04+git20220405.7446a472-0ubuntu0.4?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.09+git20211008.62392d3-0ubuntu1

2022.*

2022.04+git20220405.7446a472-0ubuntu0.1

2022.04+git20220405.7446a472-0ubuntu0.2

2022.04+git20220405.7446a472-0ubuntu0.3

2022.04+git20220405.7446a472-0ubuntu0.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2024.01+dfsg-5ubuntu2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2024.*

2024.01+dfsg-1ubuntu5

2024.01+dfsg-1ubuntu6

2024.01+dfsg-5ubuntu1

2024.01+dfsg-5ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / u-boot-nezha

Package

Name: u-boot-nezha
Purl: pkg:deb/ubuntu/u-boot-nezha@2024.01~rc1-190-g2e89b706f5-0ubuntu3?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2024.*

2024.01~rc1-190-g2e89b706f5-0ubuntu2

2024.01~rc1-190-g2e89b706f5-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / u-boot

Package

Name: u-boot
Purl: pkg:deb/ubuntu/u-boot@2024.01+dfsg-1ubuntu5.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.07+dfsg-1ubuntu2

2024.*

2024.01+dfsg-1ubuntu1

2024.01+dfsg-1ubuntu2

2024.01+dfsg-1ubuntu3

2024.01+dfsg-1ubuntu4

2024.01+dfsg-1ubuntu5

2024.01+dfsg-1ubuntu5.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / u-boot-nezha

Package

Name: u-boot-nezha
Purl: pkg:deb/ubuntu/u-boot-nezha@2024.01~rc1-190-g2e89b706f5-0ubuntu2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2022.*

2022.10-1089-g528ae9bc6c-0ubuntu2

2024.*

2024.01~rc1-190-g2e89b706f5-0ubuntu1

2024.01~rc1-190-g2e89b706f5-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}