{"id":"USN-8056-1","summary":"u-boot vulnerabilities","details":"Simon Diepold discovered that U-Boot incorrectly handled certain DHCP\nresponses. An attacker on the local network could possibly use this issue\nto obtain sensitive memory contents. (CVE-2024-42040)\n\nIt was discovered that U-Boot incorrectly handled symlink size calculations\nin squashfs file systems. An attacker could use this issue with a specially\ncrafted squashfs file system to cause U-Boot to crash, resulting in a denial\nof service, or execute arbitrary code. (CVE-2024-57254)\n\nIt was discovered that U-Boot incorrectly handled inode size calculations\nin squashfs file systems. An attacker could use this issue with a specially\ncrafted squashfs file system to cause U-Boot to crash, resulting in a denial\nof service, or execute arbitrary code. (CVE-2024-57255)\n\nIt was discovered that U-Boot incorrectly handled inode size calculations\nin EXT4 file systems. An attacker could use this issue with a specially\ncrafted EXT4 file system to cause U-Boot to crash, resulting in a denial of\nservice, or execute arbitrary code. (CVE-2024-57256)\n\nIt was discovered that U-Boot incorrectly handled deep symlink nesting in\nsquashfs file systems. An attacker could possibly use this issue with a\nspecially crafted squashfs file system to cause U-Boot to crash, resulting\nin a denial of service. (CVE-2024-57257)\n\nIt was discovered that U-Boot incorrectly handled memory allocation in\nsquashfs file systems. An attacker could use this issue with a specially\ncrafted squashfs file system to cause U-Boot to crash, resulting in a denial\nof service, or execute arbitrary code. (CVE-2024-57258)","modified":"2026-02-23T23:14:51.693316Z","published":"2026-02-23T13:04:26Z","related":["UBUNTU-CVE-2024-57254","UBUNTU-CVE-2024-57255","UBUNTU-CVE-2024-57256","UBUNTU-CVE-2024-57257","UBUNTU-CVE-2024-57258","UBUNTU-CVE-2024-57259"],"upstream":["CVE-2024-57254","CVE-2024-57255","CVE-2024-57256","CVE-2024-57257","CVE-2024-57258","CVE-2024-57259","UBUNTU-CVE-2024-57254","UBUNTU-CVE-2024-57255","UBUNTU-CVE-2024-57256","UBUNTU-CVE-2024-57257","UBUNTU-CVE-2024-57258","UBUNTU-CVE-2024-57259"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8056-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-57254"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-57255"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-57256"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-57257"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-57258"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-57259"}],"affected":[{"package":{"name":"u-boot","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/u-boot@2022.01+dfsg-2ubuntu2.7?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2022.01+dfsg-2ubuntu2.7"}]}],"versions":["2021.07+dfsg-0ubuntu8","2021.07+dfsg-0ubuntu9","2021.07+dfsg-0ubuntu10","2022.01+dfsg-2ubuntu1","2022.01+dfsg-2ubuntu2","2022.01+dfsg-2ubuntu2.1","2022.01+dfsg-2ubuntu2.3","2022.01+dfsg-2ubuntu2.4","2022.01+dfsg-2ubuntu2.5","2022.01+dfsg-2ubuntu2.6"],"ecosystem_specific":{"binaries":[{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-amlogic"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-exynos"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-imx"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-microchip"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-mvebu"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-omap"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-qcom"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-qemu"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-rockchip"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-rpi"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-sifive"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-sunxi"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-tegra"},{"binary_version":"2022.01+dfsg-2ubuntu2.7","binary_name":"u-boot-tools"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57254"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57255"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57256"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57257"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57258"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57259"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8056-1.json"}},{"package":{"name":"u-boot","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/u-boot@2025.10-0ubuntu0.24.04.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2025.10-0ubuntu0.24.04.2"}]}],"versions":["2023.07+dfsg-1ubuntu2","2024.01+dfsg-1ubuntu1","2024.01+dfsg-1ubuntu2","2024.01+dfsg-1ubuntu3","2024.01+dfsg-1ubuntu4","2024.01+dfsg-1ubuntu5","2024.01+dfsg-1ubuntu5.1","2024.01+dfsg-1ubuntu5.2","2025.01-0ubuntu0.24.04.1","2025.01-0ubuntu0.24.04.2","2025.10-0ubuntu0.24.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-amlogic"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-amlogic-binaries"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-asahi"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-exynos"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-exynos-binaries"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-imx"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-microchip"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-mvebu"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-omap"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-qcom"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-qemu"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-rockchip"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-rpi"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-sifive"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-sitara-binaries"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-starfive"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-stm32"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-sunxi"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-tegra"},{"binary_version":"2025.10-0ubuntu0.24.04.2","binary_name":"u-boot-tools"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57254"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57255"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57256"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57257"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57258"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-57259"}],"ecosystem":"Ubuntu:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8056-1.json"}}],"schema_version":"1.7.3"}