SUSE update for u-boot

Published: 2025-03-10

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-57256 CVE-2024-57258
CWE-ID	CWE-190
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system u-boot-libretech-ac Operating systems & Components / Operating system package or component u-boot-bananapim64-doc Operating systems & Components / Operating system package or component u-boot-mvebuespressobin-88f3720 Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpzcu102rev10-doc Operating systems & Components / Operating system package or component u-boot-pinebook-pro-rk3399-doc Operating systems & Components / Operating system package or component u-boot-odroid-n2 Operating systems & Components / Operating system package or component u-boot-khadas-vim Operating systems & Components / Operating system package or component u-boot-dragonboard410c Operating systems & Components / Operating system package or component u-boot-p2771-0000-500 Operating systems & Components / Operating system package or component u-boot-mvebuespressobin-88f3720-doc Operating systems & Components / Operating system package or component u-boot-dragonboard820c-doc Operating systems & Components / Operating system package or component u-boot-dragonboard410c-doc Operating systems & Components / Operating system package or component u-boot-odroid-c4 Operating systems & Components / Operating system package or component u-boot-pinebook Operating systems & Components / Operating system package or component u-boot-p3450-0000-doc Operating systems & Components / Operating system package or component u-boot-evb-rk3399-doc Operating systems & Components / Operating system package or component u-boot-dragonboard820c Operating systems & Components / Operating system package or component u-boot-ls1012afrdmqspi Operating systems & Components / Operating system package or component u-boot-odroid-n2-doc Operating systems & Components / Operating system package or component u-boot-pineh64 Operating systems & Components / Operating system package or component u-boot-odroid-c2-doc Operating systems & Components / Operating system package or component u-boot-geekbox-doc Operating systems & Components / Operating system package or component u-boot-pine64plus Operating systems & Components / Operating system package or component u-boot-avnetultra96rev1 Operating systems & Components / Operating system package or component u-boot-mvebudb-88f3720 Operating systems & Components / Operating system package or component u-boot-odroid-c4-doc Operating systems & Components / Operating system package or component u-boot-bananapim64 Operating systems & Components / Operating system package or component u-boot-pinephone-doc Operating systems & Components / Operating system package or component u-boot-mvebudbarmada8k-doc Operating systems & Components / Operating system package or component u-boot-mvebumcbin-88f8040 Operating systems & Components / Operating system package or component u-boot-libretech-cc-doc Operating systems & Components / Operating system package or component u-boot-p2771-0000-500-doc Operating systems & Components / Operating system package or component u-boot-rockpro64-rk3399-doc Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpzcu102rev10 Operating systems & Components / Operating system package or component u-boot-pinebook-doc Operating systems & Components / Operating system package or component u-boot-rpi3 Operating systems & Components / Operating system package or component u-boot-pinephone Operating systems & Components / Operating system package or component u-boot-pinebook-pro-rk3399 Operating systems & Components / Operating system package or component u-boot-p2371-2180-doc Operating systems & Components / Operating system package or component u-boot-evb-rk3399 Operating systems & Components / Operating system package or component u-boot-mvebumcbin-88f8040-doc Operating systems & Components / Operating system package or component u-boot-rock960-rk3399 Operating systems & Components / Operating system package or component u-boot-hikey Operating systems & Components / Operating system package or component u-boot-rock-pi-4-rk3399-doc Operating systems & Components / Operating system package or component u-boot-rock-pi-4-rk3399 Operating systems & Components / Operating system package or component u-boot-pine64plus-doc Operating systems & Components / Operating system package or component u-boot-firefly-rk3399-doc Operating systems & Components / Operating system package or component u-boot-nanopia64-doc Operating systems & Components / Operating system package or component u-boot-orangepipc2-doc Operating systems & Components / Operating system package or component u-boot-ls1012afrdmqspi-doc Operating systems & Components / Operating system package or component u-boot-poplar Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpvirt Operating systems & Components / Operating system package or component u-boot-mvebudb-88f3720-doc Operating systems & Components / Operating system package or component u-boot-khadas-vim2-doc Operating systems & Components / Operating system package or component u-boot-libretech-cc Operating systems & Components / Operating system package or component u-boot-geekbox Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpvirt-doc Operating systems & Components / Operating system package or component u-boot-libretech-ac-doc Operating systems & Components / Operating system package or component u-boot-nanopia64 Operating systems & Components / Operating system package or component u-boot-rpi4-doc Operating systems & Components / Operating system package or component u-boot-rock64-rk3328 Operating systems & Components / Operating system package or component u-boot-hikey-doc Operating systems & Components / Operating system package or component u-boot-p2371-2180 Operating systems & Components / Operating system package or component u-boot-rpiarm64-doc Operating systems & Components / Operating system package or component u-boot-rpi3-doc Operating systems & Components / Operating system package or component u-boot-khadas-vim2 Operating systems & Components / Operating system package or component u-boot-khadas-vim-doc Operating systems & Components / Operating system package or component u-boot-rockpro64-rk3399 Operating systems & Components / Operating system package or component u-boot-avnetultra96rev1-doc Operating systems & Components / Operating system package or component u-boot-p3450-0000 Operating systems & Components / Operating system package or component u-boot-rock64-rk3328-doc Operating systems & Components / Operating system package or component u-boot-pineh64-doc Operating systems & Components / Operating system package or component u-boot-orangepipc2 Operating systems & Components / Operating system package or component u-boot-rpi4 Operating systems & Components / Operating system package or component u-boot-firefly-rk3399 Operating systems & Components / Operating system package or component u-boot-rpiarm64 Operating systems & Components / Operating system package or component u-boot-rock960-rk3399-doc Operating systems & Components / Operating system package or component u-boot-poplar-doc Operating systems & Components / Operating system package or component u-boot-mvebudbarmada8k Operating systems & Components / Operating system package or component u-boot-odroid-c2 Operating systems & Components / Operating system package or component u-boot-tools-debuginfo Operating systems & Components / Operating system package or component u-boot-tools Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU105267

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57256

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the ext4fs_read_symlink() function. A local user can use a specially crafted ext4 filesystem to trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package u-boot to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.2

openSUSE Leap: 15.3

u-boot-libretech-ac: before 2021.01-150300.7.24.1

u-boot-bananapim64-doc: before 2021.01-150300.7.24.1

u-boot-mvebuespressobin-88f3720: before 2021.01-150300.7.24.1

u-boot-xilinxzynqmpzcu102rev10-doc: before 2021.01-150300.7.24.1

u-boot-pinebook-pro-rk3399-doc: before 2021.01-150300.7.24.1

u-boot-odroid-n2: before 2021.01-150300.7.24.1

u-boot-khadas-vim: before 2021.01-150300.7.24.1

u-boot-dragonboard410c: before 2021.01-150300.7.24.1

u-boot-p2771-0000-500: before 2021.01-150300.7.24.1

u-boot-mvebuespressobin-88f3720-doc: before 2021.01-150300.7.24.1

u-boot-dragonboard820c-doc: before 2021.01-150300.7.24.1

u-boot-dragonboard410c-doc: before 2021.01-150300.7.24.1

u-boot-odroid-c4: before 2021.01-150300.7.24.1

u-boot-pinebook: before 2021.01-150300.7.24.1

u-boot-p3450-0000-doc: before 2021.01-150300.7.24.1

u-boot-evb-rk3399-doc: before 2021.01-150300.7.24.1

u-boot-dragonboard820c: before 2021.01-150300.7.24.1

u-boot-ls1012afrdmqspi: before 2021.01-150300.7.24.1

u-boot-odroid-n2-doc: before 2021.01-150300.7.24.1

u-boot-pineh64: before 2021.01-150300.7.24.1

u-boot-odroid-c2-doc: before 2021.01-150300.7.24.1

u-boot-geekbox-doc: before 2021.01-150300.7.24.1

u-boot-pine64plus: before 2021.01-150300.7.24.1

u-boot-avnetultra96rev1: before 2021.01-150300.7.24.1

u-boot-mvebudb-88f3720: before 2021.01-150300.7.24.1

u-boot-odroid-c4-doc: before 2021.01-150300.7.24.1

u-boot-bananapim64: before 2021.01-150300.7.24.1

u-boot-pinephone-doc: before 2021.01-150300.7.24.1

u-boot-mvebudbarmada8k-doc: before 2021.01-150300.7.24.1

u-boot-mvebumcbin-88f8040: before 2021.01-150300.7.24.1

u-boot-libretech-cc-doc: before 2021.01-150300.7.24.1

u-boot-p2771-0000-500-doc: before 2021.01-150300.7.24.1

u-boot-rockpro64-rk3399-doc: before 2021.01-150300.7.24.1

u-boot-xilinxzynqmpzcu102rev10: before 2021.01-150300.7.24.1

u-boot-pinebook-doc: before 2021.01-150300.7.24.1

u-boot-rpi3: before 2021.01-150300.7.24.1

u-boot-pinephone: before 2021.01-150300.7.24.1

u-boot-pinebook-pro-rk3399: before 2021.01-150300.7.24.1

u-boot-p2371-2180-doc: before 2021.01-150300.7.24.1

u-boot-evb-rk3399: before 2021.01-150300.7.24.1

u-boot-mvebumcbin-88f8040-doc: before 2021.01-150300.7.24.1

u-boot-rock960-rk3399: before 2021.01-150300.7.24.1

u-boot-hikey: before 2021.01-150300.7.24.1

u-boot-rock-pi-4-rk3399-doc: before 2021.01-150300.7.24.1

u-boot-rock-pi-4-rk3399: before 2021.01-150300.7.24.1

u-boot-pine64plus-doc: before 2021.01-150300.7.24.1

u-boot-firefly-rk3399-doc: before 2021.01-150300.7.24.1

u-boot-nanopia64-doc: before 2021.01-150300.7.24.1

u-boot-orangepipc2-doc: before 2021.01-150300.7.24.1

u-boot-ls1012afrdmqspi-doc: before 2021.01-150300.7.24.1

u-boot-poplar: before 2021.01-150300.7.24.1

u-boot-xilinxzynqmpvirt: before 2021.01-150300.7.24.1

u-boot-mvebudb-88f3720-doc: before 2021.01-150300.7.24.1

u-boot-khadas-vim2-doc: before 2021.01-150300.7.24.1

u-boot-libretech-cc: before 2021.01-150300.7.24.1

u-boot-geekbox: before 2021.01-150300.7.24.1

u-boot-xilinxzynqmpvirt-doc: before 2021.01-150300.7.24.1

u-boot-libretech-ac-doc: before 2021.01-150300.7.24.1

u-boot-nanopia64: before 2021.01-150300.7.24.1

u-boot-rpi4-doc: before 2021.01-150300.7.24.1

u-boot-rock64-rk3328: before 2021.01-150300.7.24.1

u-boot-hikey-doc: before 2021.01-150300.7.24.1

u-boot-p2371-2180: before 2021.01-150300.7.24.1

u-boot-rpiarm64-doc: before 2021.01-150300.7.24.1

u-boot-rpi3-doc: before 2021.01-150300.7.24.1

u-boot-khadas-vim2: before 2021.01-150300.7.24.1

u-boot-khadas-vim-doc: before 2021.01-150300.7.24.1

u-boot-rockpro64-rk3399: before 2021.01-150300.7.24.1

u-boot-avnetultra96rev1-doc: before 2021.01-150300.7.24.1

u-boot-p3450-0000: before 2021.01-150300.7.24.1

u-boot-rock64-rk3328-doc: before 2021.01-150300.7.24.1

u-boot-pineh64-doc: before 2021.01-150300.7.24.1

u-boot-orangepipc2: before 2021.01-150300.7.24.1

u-boot-rpi4: before 2021.01-150300.7.24.1

u-boot-firefly-rk3399: before 2021.01-150300.7.24.1

u-boot-rpiarm64: before 2021.01-150300.7.24.1

u-boot-rock960-rk3399-doc: before 2021.01-150300.7.24.1

u-boot-poplar-doc: before 2021.01-150300.7.24.1

u-boot-mvebudbarmada8k: before 2021.01-150300.7.24.1

u-boot-odroid-c2: before 2021.01-150300.7.24.1

u-boot-tools-debuginfo: before 2021.01-150300.7.24.1

u-boot-tools: before 2021.01-150300.7.24.1

CPE2.3

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250817-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU105296