CVE-2024-57259

7.1 HIGH

📋 TL;DR

An off-by-one error in Das U-Boot's squashfs directory listing function (sqfs_search_dir) causes heap memory corruption when processing paths. This vulnerability affects systems using Das U-Boot bootloader with squashfs support. Attackers could potentially execute arbitrary code or crash the bootloader during the boot process.

💻 Affected Systems

Products:
  • Das U-Boot
Versions: All versions before 2025.01-rc1
Operating Systems: Any OS using Das U-Boot bootloader
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with squashfs support enabled in U-Boot configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution during boot process leading to persistent compromise of the entire system, potentially allowing attackers to install backdoors or modify the boot chain.

🟠 Likely Case

Bootloader crash causing denial of service (system fails to boot) or limited memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated

System fails to boot cleanly but no persistent compromise if proper integrity checks are in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the vulnerable code path during boot, typically through specially crafted squashfs images or boot parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.01-rc1 and later

Vendor Advisory: https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e

Restart Required: No

Instructions:

1. Update Das U-Boot to version 2025.01-rc1 or later.
2. Rebuild U-Boot with the patched source.
3. Flash the updated bootloader to affected devices.

🔧 Temporary Workarounds

Disable squashfs support

all

Remove squashfs filesystem support from U-Boot configuration to prevent triggering the vulnerable code path.

CONFIG_FS_SQUASHFS=n

🧯 If You Can't Patch

  • Isolate affected systems from untrusted boot sources.
  • Implement secure boot with signature verification for all boot components.

🔍 How to Verify

Check if Vulnerable:

Run the 'version' command at the U-Boot prompt during boot, or examine the version string in the bootloader binary.

Check Version:

version

Verify Fix Applied:

Verify U-Boot version is 2025.01-rc1 or later and confirm squashfs functionality works without crashes.
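
An added example (not from this advisory's source or the U-Boot project): a Python sketch that pulls version banners out of a bootloader image and compares them with the fixed release 2025.01-rc1. The function names, status labels and sample bytes are constructed for illustration; the sqfsls/sqfsload string check is a heuristic that assumes an uncompressed image.

```python
import re

# Fixed release named on this page, as a sort key: (year, month, is_final, rc).
FIXED = (2025, 1, 0, 1)  # 2025.01-rc1

# Banner text as shown by the 'version' command, e.g. "U-Boot 2024.10 (Oct ...".
BANNER = re.compile(rb"U-Boot (?:SPL |TPL )?(\d{4})\.(\d{2})(?:-rc(\d+))?")


def version_key(year, month, rc):
    """Order release candidates before the final release of the same month."""
    return (year, month, 1, 0) if rc is None else (year, month, 0, rc)


def assess(image: bytes):
    """Return [(banner, status)] for each distinct U-Boot banner in the image."""
    results = []
    for m in BANNER.finditer(image):
        banner = m.group(0).decode("ascii")
        rc = int(m.group(3)) if m.group(3) else None
        key = version_key(int(m.group(1)), int(m.group(2)), rc)
        status = "fixed-by-version" if key >= FIXED else "affected-by-version"
        if (banner, status) not in results:
            results.append((banner, status))
    return results


def has_squashfs_commands(image: bytes) -> bool:
    """Heuristic: the squashfs command names appear in an uncompressed image.

    Absence proves nothing, since squashfs can be built without its commands.
    """
    return b"sqfsls" in image or b"sqfsload" in image


# Constructed sample standing in for a firmware dump (not a real image).
SAMPLE = (b"\x7f\x00pad" + b"U-Boot SPL 2024.10 (Oct 07 2024 - 10:00:00 +0000)\x00"
          + b"\xff" * 16 + b"U-Boot 2024.10 (Oct 07 2024 - 10:00:00 +0000)\x00"
          + b"sqfsls\x00sqfsload\x00")

if __name__ == "__main__":
    for banner, status in assess(SAMPLE):
        print(f"{banner}: {status}")
    print("squashfs commands present:", has_squashfs_commands(SAMPLE))
```

A banner comparison is only a first pass: a vendor tree may carry the fix commit without a changed version string, and a development build between releases cannot be classified from the banner alone.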

📡 Detection & Monitoring

Log Indicators:

  • U-Boot crash messages during boot
  • Kernel panic before OS load
  • Repeated boot failures

Network Indicators:

  • None - this is a local bootloader vulnerability

SIEM Query:

Search for boot failure events or U-Boot crash messages in system logs.
