mirror of
https://git.yoctoproject.org/poky
synced 2026-03-12 02:09:39 +01:00
7e46bdecf4
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57255 (From OE-Core rev: 687b6e0a166d7dc999b7d226a9bd68155f59a03a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>