CVE-2024-57262 Information

Description

In barebox before 2025.01.0 ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff resulting in a malloc of zero and resultant memory overwrite a related issue to CVE-2024-57256.

Reference

https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d8 https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d87ba6f88a9ea50e71f107b514ff4e