CVE-2024-57254

Publication date 18 February 2025

Last updated 11 July 2025


Ubuntu priority

Cvss 3 Severity Score

7.1 · High

Score breakdown

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.

Status

Package Ubuntu Release Status
u-boot 25.04 plucky
Needs evaluation
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
u-boot-nezha 25.04 plucky
Needs evaluation
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Not in release

Severity score breakdown

Parameter Value
Base score 7.1 · High
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H