Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-57256 CVE-2024-57258 |
CWE-ID | CWE-190 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system u-boot-libretech-ac Operating systems & Components / Operating system package or component u-boot-bananapim64-doc Operating systems & Components / Operating system package or component u-boot-mvebuespressobin-88f3720 Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpzcu102rev10-doc Operating systems & Components / Operating system package or component u-boot-pinebook-pro-rk3399-doc Operating systems & Components / Operating system package or component u-boot-odroid-n2 Operating systems & Components / Operating system package or component u-boot-khadas-vim Operating systems & Components / Operating system package or component u-boot-dragonboard410c Operating systems & Components / Operating system package or component u-boot-p2771-0000-500 Operating systems & Components / Operating system package or component u-boot-mvebuespressobin-88f3720-doc Operating systems & Components / Operating system package or component u-boot-dragonboard820c-doc Operating systems & Components / Operating system package or component u-boot-dragonboard410c-doc Operating systems & Components / Operating system package or component u-boot-odroid-c4 Operating systems & Components / Operating system package or component u-boot-pinebook Operating systems & Components / Operating system package or component u-boot-p3450-0000-doc Operating systems & Components / Operating system package or component u-boot-evb-rk3399-doc Operating systems & Components / Operating system package or component u-boot-dragonboard820c Operating systems & Components / Operating system package or component u-boot-ls1012afrdmqspi Operating systems & Components / Operating system package or component u-boot-odroid-n2-doc Operating systems & Components / Operating system package or component u-boot-pineh64 Operating systems & Components / Operating system package or component u-boot-odroid-c2-doc Operating systems & Components / Operating system package or component u-boot-geekbox-doc Operating systems & Components / Operating system package or component u-boot-pine64plus Operating systems & Components / Operating system package or component u-boot-avnetultra96rev1 Operating systems & Components / Operating system package or component u-boot-mvebudb-88f3720 Operating systems & Components / Operating system package or component u-boot-odroid-c4-doc Operating systems & Components / Operating system package or component u-boot-bananapim64 Operating systems & Components / Operating system package or component u-boot-pinephone-doc Operating systems & Components / Operating system package or component u-boot-mvebudbarmada8k-doc Operating systems & Components / Operating system package or component u-boot-mvebumcbin-88f8040 Operating systems & Components / Operating system package or component u-boot-libretech-cc-doc Operating systems & Components / Operating system package or component u-boot-p2771-0000-500-doc Operating systems & Components / Operating system package or component u-boot-rockpro64-rk3399-doc Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpzcu102rev10 Operating systems & Components / Operating system package or component u-boot-pinebook-doc Operating systems & Components / Operating system package or component u-boot-rpi3 Operating systems & Components / Operating system package or component u-boot-pinephone Operating systems & Components / Operating system package or component u-boot-pinebook-pro-rk3399 Operating systems & Components / Operating system package or component u-boot-p2371-2180-doc Operating systems & Components / Operating system package or component u-boot-evb-rk3399 Operating systems & Components / Operating system package or component u-boot-mvebumcbin-88f8040-doc Operating systems & Components / Operating system package or component u-boot-rock960-rk3399 Operating systems & Components / Operating system package or component u-boot-hikey Operating systems & Components / Operating system package or component u-boot-rock-pi-4-rk3399-doc Operating systems & Components / Operating system package or component u-boot-rock-pi-4-rk3399 Operating systems & Components / Operating system package or component u-boot-pine64plus-doc Operating systems & Components / Operating system package or component u-boot-firefly-rk3399-doc Operating systems & Components / Operating system package or component u-boot-nanopia64-doc Operating systems & Components / Operating system package or component u-boot-orangepipc2-doc Operating systems & Components / Operating system package or component u-boot-ls1012afrdmqspi-doc Operating systems & Components / Operating system package or component u-boot-poplar Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpvirt Operating systems & Components / Operating system package or component u-boot-mvebudb-88f3720-doc Operating systems & Components / Operating system package or component u-boot-khadas-vim2-doc Operating systems & Components / Operating system package or component u-boot-libretech-cc Operating systems & Components / Operating system package or component u-boot-geekbox Operating systems & Components / Operating system package or component u-boot-xilinxzynqmpvirt-doc Operating systems & Components / Operating system package or component u-boot-libretech-ac-doc Operating systems & Components / Operating system package or component u-boot-nanopia64 Operating systems & Components / Operating system package or component u-boot-rpi4-doc Operating systems & Components / Operating system package or component u-boot-rock64-rk3328 Operating systems & Components / Operating system package or component u-boot-hikey-doc Operating systems & Components / Operating system package or component u-boot-p2371-2180 Operating systems & Components / Operating system package or component u-boot-rpiarm64-doc Operating systems & Components / Operating system package or component u-boot-rpi3-doc Operating systems & Components / Operating system package or component u-boot-khadas-vim2 Operating systems & Components / Operating system package or component u-boot-khadas-vim-doc Operating systems & Components / Operating system package or component u-boot-rockpro64-rk3399 Operating systems & Components / Operating system package or component u-boot-avnetultra96rev1-doc Operating systems & Components / Operating system package or component u-boot-p3450-0000 Operating systems & Components / Operating system package or component u-boot-rock64-rk3328-doc Operating systems & Components / Operating system package or component u-boot-pineh64-doc Operating systems & Components / Operating system package or component u-boot-orangepipc2 Operating systems & Components / Operating system package or component u-boot-rpi4 Operating systems & Components / Operating system package or component u-boot-firefly-rk3399 Operating systems & Components / Operating system package or component u-boot-rpiarm64 Operating systems & Components / Operating system package or component u-boot-rock960-rk3399-doc Operating systems & Components / Operating system package or component u-boot-poplar-doc Operating systems & Components / Operating system package or component u-boot-mvebudbarmada8k Operating systems & Components / Operating system package or component u-boot-odroid-c2 Operating systems & Components / Operating system package or component u-boot-tools-debuginfo Operating systems & Components / Operating system package or component u-boot-tools Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU105267
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57256
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the ext4fs_read_symlink() function. A local user can use a specially crafted ext4 filesystem to trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package u-boot to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.2
openSUSE Leap: 15.3
u-boot-libretech-ac: before 2021.01-150300.7.24.1
u-boot-bananapim64-doc: before 2021.01-150300.7.24.1
u-boot-mvebuespressobin-88f3720: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpzcu102rev10-doc: before 2021.01-150300.7.24.1
u-boot-pinebook-pro-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-odroid-n2: before 2021.01-150300.7.24.1
u-boot-khadas-vim: before 2021.01-150300.7.24.1
u-boot-dragonboard410c: before 2021.01-150300.7.24.1
u-boot-p2771-0000-500: before 2021.01-150300.7.24.1
u-boot-mvebuespressobin-88f3720-doc: before 2021.01-150300.7.24.1
u-boot-dragonboard820c-doc: before 2021.01-150300.7.24.1
u-boot-dragonboard410c-doc: before 2021.01-150300.7.24.1
u-boot-odroid-c4: before 2021.01-150300.7.24.1
u-boot-pinebook: before 2021.01-150300.7.24.1
u-boot-p3450-0000-doc: before 2021.01-150300.7.24.1
u-boot-evb-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-dragonboard820c: before 2021.01-150300.7.24.1
u-boot-ls1012afrdmqspi: before 2021.01-150300.7.24.1
u-boot-odroid-n2-doc: before 2021.01-150300.7.24.1
u-boot-pineh64: before 2021.01-150300.7.24.1
u-boot-odroid-c2-doc: before 2021.01-150300.7.24.1
u-boot-geekbox-doc: before 2021.01-150300.7.24.1
u-boot-pine64plus: before 2021.01-150300.7.24.1
u-boot-avnetultra96rev1: before 2021.01-150300.7.24.1
u-boot-mvebudb-88f3720: before 2021.01-150300.7.24.1
u-boot-odroid-c4-doc: before 2021.01-150300.7.24.1
u-boot-bananapim64: before 2021.01-150300.7.24.1
u-boot-pinephone-doc: before 2021.01-150300.7.24.1
u-boot-mvebudbarmada8k-doc: before 2021.01-150300.7.24.1
u-boot-mvebumcbin-88f8040: before 2021.01-150300.7.24.1
u-boot-libretech-cc-doc: before 2021.01-150300.7.24.1
u-boot-p2771-0000-500-doc: before 2021.01-150300.7.24.1
u-boot-rockpro64-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpzcu102rev10: before 2021.01-150300.7.24.1
u-boot-pinebook-doc: before 2021.01-150300.7.24.1
u-boot-rpi3: before 2021.01-150300.7.24.1
u-boot-pinephone: before 2021.01-150300.7.24.1
u-boot-pinebook-pro-rk3399: before 2021.01-150300.7.24.1
u-boot-p2371-2180-doc: before 2021.01-150300.7.24.1
u-boot-evb-rk3399: before 2021.01-150300.7.24.1
u-boot-mvebumcbin-88f8040-doc: before 2021.01-150300.7.24.1
u-boot-rock960-rk3399: before 2021.01-150300.7.24.1
u-boot-hikey: before 2021.01-150300.7.24.1
u-boot-rock-pi-4-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-rock-pi-4-rk3399: before 2021.01-150300.7.24.1
u-boot-pine64plus-doc: before 2021.01-150300.7.24.1
u-boot-firefly-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-nanopia64-doc: before 2021.01-150300.7.24.1
u-boot-orangepipc2-doc: before 2021.01-150300.7.24.1
u-boot-ls1012afrdmqspi-doc: before 2021.01-150300.7.24.1
u-boot-poplar: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpvirt: before 2021.01-150300.7.24.1
u-boot-mvebudb-88f3720-doc: before 2021.01-150300.7.24.1
u-boot-khadas-vim2-doc: before 2021.01-150300.7.24.1
u-boot-libretech-cc: before 2021.01-150300.7.24.1
u-boot-geekbox: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpvirt-doc: before 2021.01-150300.7.24.1
u-boot-libretech-ac-doc: before 2021.01-150300.7.24.1
u-boot-nanopia64: before 2021.01-150300.7.24.1
u-boot-rpi4-doc: before 2021.01-150300.7.24.1
u-boot-rock64-rk3328: before 2021.01-150300.7.24.1
u-boot-hikey-doc: before 2021.01-150300.7.24.1
u-boot-p2371-2180: before 2021.01-150300.7.24.1
u-boot-rpiarm64-doc: before 2021.01-150300.7.24.1
u-boot-rpi3-doc: before 2021.01-150300.7.24.1
u-boot-khadas-vim2: before 2021.01-150300.7.24.1
u-boot-khadas-vim-doc: before 2021.01-150300.7.24.1
u-boot-rockpro64-rk3399: before 2021.01-150300.7.24.1
u-boot-avnetultra96rev1-doc: before 2021.01-150300.7.24.1
u-boot-p3450-0000: before 2021.01-150300.7.24.1
u-boot-rock64-rk3328-doc: before 2021.01-150300.7.24.1
u-boot-pineh64-doc: before 2021.01-150300.7.24.1
u-boot-orangepipc2: before 2021.01-150300.7.24.1
u-boot-rpi4: before 2021.01-150300.7.24.1
u-boot-firefly-rk3399: before 2021.01-150300.7.24.1
u-boot-rpiarm64: before 2021.01-150300.7.24.1
u-boot-rock960-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-poplar-doc: before 2021.01-150300.7.24.1
u-boot-mvebudbarmada8k: before 2021.01-150300.7.24.1
u-boot-odroid-c2: before 2021.01-150300.7.24.1
u-boot-tools-debuginfo: before 2021.01-150300.7.24.1
u-boot-tools: before 2021.01-150300.7.24.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250817-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU105296
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57258
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow. A local user can use a specially crafted squashfs filesystem to trigger integer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package u-boot to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.2
openSUSE Leap: 15.3
u-boot-libretech-ac: before 2021.01-150300.7.24.1
u-boot-bananapim64-doc: before 2021.01-150300.7.24.1
u-boot-mvebuespressobin-88f3720: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpzcu102rev10-doc: before 2021.01-150300.7.24.1
u-boot-pinebook-pro-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-odroid-n2: before 2021.01-150300.7.24.1
u-boot-khadas-vim: before 2021.01-150300.7.24.1
u-boot-dragonboard410c: before 2021.01-150300.7.24.1
u-boot-p2771-0000-500: before 2021.01-150300.7.24.1
u-boot-mvebuespressobin-88f3720-doc: before 2021.01-150300.7.24.1
u-boot-dragonboard820c-doc: before 2021.01-150300.7.24.1
u-boot-dragonboard410c-doc: before 2021.01-150300.7.24.1
u-boot-odroid-c4: before 2021.01-150300.7.24.1
u-boot-pinebook: before 2021.01-150300.7.24.1
u-boot-p3450-0000-doc: before 2021.01-150300.7.24.1
u-boot-evb-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-dragonboard820c: before 2021.01-150300.7.24.1
u-boot-ls1012afrdmqspi: before 2021.01-150300.7.24.1
u-boot-odroid-n2-doc: before 2021.01-150300.7.24.1
u-boot-pineh64: before 2021.01-150300.7.24.1
u-boot-odroid-c2-doc: before 2021.01-150300.7.24.1
u-boot-geekbox-doc: before 2021.01-150300.7.24.1
u-boot-pine64plus: before 2021.01-150300.7.24.1
u-boot-avnetultra96rev1: before 2021.01-150300.7.24.1
u-boot-mvebudb-88f3720: before 2021.01-150300.7.24.1
u-boot-odroid-c4-doc: before 2021.01-150300.7.24.1
u-boot-bananapim64: before 2021.01-150300.7.24.1
u-boot-pinephone-doc: before 2021.01-150300.7.24.1
u-boot-mvebudbarmada8k-doc: before 2021.01-150300.7.24.1
u-boot-mvebumcbin-88f8040: before 2021.01-150300.7.24.1
u-boot-libretech-cc-doc: before 2021.01-150300.7.24.1
u-boot-p2771-0000-500-doc: before 2021.01-150300.7.24.1
u-boot-rockpro64-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpzcu102rev10: before 2021.01-150300.7.24.1
u-boot-pinebook-doc: before 2021.01-150300.7.24.1
u-boot-rpi3: before 2021.01-150300.7.24.1
u-boot-pinephone: before 2021.01-150300.7.24.1
u-boot-pinebook-pro-rk3399: before 2021.01-150300.7.24.1
u-boot-p2371-2180-doc: before 2021.01-150300.7.24.1
u-boot-evb-rk3399: before 2021.01-150300.7.24.1
u-boot-mvebumcbin-88f8040-doc: before 2021.01-150300.7.24.1
u-boot-rock960-rk3399: before 2021.01-150300.7.24.1
u-boot-hikey: before 2021.01-150300.7.24.1
u-boot-rock-pi-4-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-rock-pi-4-rk3399: before 2021.01-150300.7.24.1
u-boot-pine64plus-doc: before 2021.01-150300.7.24.1
u-boot-firefly-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-nanopia64-doc: before 2021.01-150300.7.24.1
u-boot-orangepipc2-doc: before 2021.01-150300.7.24.1
u-boot-ls1012afrdmqspi-doc: before 2021.01-150300.7.24.1
u-boot-poplar: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpvirt: before 2021.01-150300.7.24.1
u-boot-mvebudb-88f3720-doc: before 2021.01-150300.7.24.1
u-boot-khadas-vim2-doc: before 2021.01-150300.7.24.1
u-boot-libretech-cc: before 2021.01-150300.7.24.1
u-boot-geekbox: before 2021.01-150300.7.24.1
u-boot-xilinxzynqmpvirt-doc: before 2021.01-150300.7.24.1
u-boot-libretech-ac-doc: before 2021.01-150300.7.24.1
u-boot-nanopia64: before 2021.01-150300.7.24.1
u-boot-rpi4-doc: before 2021.01-150300.7.24.1
u-boot-rock64-rk3328: before 2021.01-150300.7.24.1
u-boot-hikey-doc: before 2021.01-150300.7.24.1
u-boot-p2371-2180: before 2021.01-150300.7.24.1
u-boot-rpiarm64-doc: before 2021.01-150300.7.24.1
u-boot-rpi3-doc: before 2021.01-150300.7.24.1
u-boot-khadas-vim2: before 2021.01-150300.7.24.1
u-boot-khadas-vim-doc: before 2021.01-150300.7.24.1
u-boot-rockpro64-rk3399: before 2021.01-150300.7.24.1
u-boot-avnetultra96rev1-doc: before 2021.01-150300.7.24.1
u-boot-p3450-0000: before 2021.01-150300.7.24.1
u-boot-rock64-rk3328-doc: before 2021.01-150300.7.24.1
u-boot-pineh64-doc: before 2021.01-150300.7.24.1
u-boot-orangepipc2: before 2021.01-150300.7.24.1
u-boot-rpi4: before 2021.01-150300.7.24.1
u-boot-firefly-rk3399: before 2021.01-150300.7.24.1
u-boot-rpiarm64: before 2021.01-150300.7.24.1
u-boot-rock960-rk3399-doc: before 2021.01-150300.7.24.1
u-boot-poplar-doc: before 2021.01-150300.7.24.1
u-boot-mvebudbarmada8k: before 2021.01-150300.7.24.1
u-boot-odroid-c2: before 2021.01-150300.7.24.1
u-boot-tools-debuginfo: before 2021.01-150300.7.24.1
u-boot-tools: before 2021.01-150300.7.24.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250817-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.