Security vulnerabilities report to Das-U-Boot
Jonathan Bar Or
jonathanbaror at gmail.com
Sat Feb 15 14:24:26 AEDT 2025
Please disregard the previous message, those are the actual CVE numbers:
- CVE-2025-26726 :SquashFS directory table parsing buffer overflow
- CVE-2025-26727: SquashFS inode parsing buffer overflow.
- CVE-2025-26728: SquashFS nested file reading buffer overflow.
- CVE-2025-26729: EroFS symlink resolution buffer overflow.
Best regards,
Jonathan
On Fri, Feb 14, 2025 at 7:17 PM Jonathan Bar Or <jonathanbaror at gmail.com> wrote:
>
> Hi folks.
>
> Here are the CVEs assigned by MITRE:
> - CVE-2025-26721: buffer overflow in the persistent storage for file creation
> - CVE-2025-26722: buffer overflow in SquashFS symlink resolution
> - CVE-2025-26723: buffer overflow in EXT4 symlink resolution
> - CVE-2025-26724: buffer overflow in CramFS symlink resolution
> - CVE-2025-26724: buffer overflow in JFFS2 dirent parsing
>
> Best regards,
> Jonathan
>
> On Wed, Feb 12, 2025 at 12:24 AM Miquel Raynal
> <miquel.raynal at bootlin.com> wrote:
> >
> > Hello Tom,
> >
> > On 11/02/2025 at 15:29:09 -06, Tom Rini <trini at konsulko.com> wrote:
> >
> > > On Tue, Feb 11, 2025 at 08:26:37AM -0800, Jonathan Bar Or wrote:
> > >> Hi Tom and the rest of the team,
> > >>
> > >> Please let me know about fix time, whether this is acknowledged and
> > >> whether you're going to request CVE IDs for those or if I should do
> > >> it.
> > >> The reason is that I found similar issues in other bootloaders, so I'm
> > >> trying to synchronize all of them. For what it's worth, Barebox has
> > >> similar issues and are currently fixing.
> > >
> > > Yes, these seem valid. We don't have a CVE requesting authority so if
> > > you want them, go ahead and request them. You saw Gao Xiang's response
> > > for erofs, and I'm hoping one of the squashfs maintainers will chime
> > > in.
> >
> > Either João or me, we will have a look.
> >
> > Thanks,
> > Miquèl
More information about the Linux-erofs
mailing list