mirror of
https://git.yoctoproject.org/poky
synced 2026-03-10 01:09:40 +01:00
c54a2f894e
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57256 (From OE-Core rev: 534aa63726f31241e3a9d4aa70d4005fa0300133) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>