3 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-57255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting ...
OESA-2022-1800 uboot-tools security update
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment. Security Fixes: squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contain...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...