
oss-sec mailing list archives
Multiple Vulnerabilities in Barebox
From: Richard Weinberger <richard () sigma-star at>
Date: Mon, 17 Feb 2025 14:44:48 +0100
## Summary - *Identifier:* sigma-star-sa-2024-003 - *Vendor:* - - *Product/Software:* [Barebox](https://barebox.org) - *Affected versions:* < v2025.01.0 - *Fixed versions:* v2025.01.0 - *CVE IDs:* CVE-2024-57260, CVE-2024-57261, CVE-2024-57262 ## Affected Product and Vendor
barebox is a bootloader designed for embedded systems. It runs on a variety of architectures including x86, ARM, MIPS, RISC-V and others. barebox aims to be a versatile and flexible bootloader, not only for booting embedded Linux systems, but also for initial hardware bringup and development. barebox is highly configurable to be suitable as a full- featured development binary as well as for lean production systems. Just like busybox is the Swiss Army Knife for embedded Linux, barebox is the Swiss Army Knife for bare metal, hence the name.
Source: https://barebox.org/ ## Description Multuple vulnerabilities have been found in Barebox: - CVE-2024-57260: Multiple vulnerabilities in Barebox’s SquashFS due to missing patches from Linux - CVE-2024-57261: Integer overflow in Barebox’s memory allocator - CVE-2024-57262: Integer overflow in Barebox’s SquashFS symlink resolution function ## Impact An attacker capable of modifying ext4 or SquashFS filesystem data structures can exploit multiple memory corruption vulnerabilities in Barebox. For systems that rely on verified boot, these vulnerabilities allow an attacker to bypass the chain of trust and achieve code execution by exploiting these issues. CVE-2024-57261 may also be exploited in Barebox through other subsystems than ext4 or SquashFS. ## Mitigation Upgrade to version v2025.01.0 or newer. ## Patches - https://git.pengutronix.de/cgit/barebox/commit/?id=ced445748477037e88f118b6d67409e0f3f2ea76 - https://git.pengutronix.de/cgit/barebox/commit/?id=12c3770203e2b264a796b43a54c6dd5f9fe3d2f0 - https://git.pengutronix.de/cgit/barebox/commit/?id=efe52dae380ab1e0bfdc2ee1575cf95da7061d99 - https://git.pengutronix.de/cgit/barebox/commit/?id=b8bd710ec1c90d032a461d57e522a8f985809278 - https://git.pengutronix.de/cgit/barebox/commit/?id=f034651371945a66069c2e9ff5a711211f650d0d - https://git.pengutronix.de/cgit/barebox/commit/?id=7cf25e0733f08f68d1bf0ca0c3cf6e2dfe51bd3c - https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d87ba6f88a9ea50e71f107b514ff4e ## Credits - Richard Weinberger ([sigma star gmbh](https://sigma-star.at) - David Gstir ([sigma star gmbh](https://sigma-star.at) -- sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT UID/VAT Nr: ATU 66964118 | FN: 374287y
Current thread:
- Multiple Vulnerabilities in Barebox Richard Weinberger (Feb 17)