PatchSiren cyber security CVE debrief
CVE-2023-52654 Linux CVE debrief
This CVE addresses a vulnerability in the Linux kernel's io_uring subsystem related to AF_UNIX sockets. The fix disables the ability to send io_uring file descriptors over Unix domain sockets, which could potentially be exploited to manipulate or corrupt kernel memory structures. The vulnerability was resolved by preventing this specific capability in the kernel's networking code. Siemens has assessed this CVE as 'Misinformed' for their affected industrial control system products, indicating the vulnerability does not actually impact these systems as initially reported. The advisory was first published by CISA on August 12, 2025, and subsequently updated multiple times through February 25, 2026, with the most recent revision correcting product impact assessments and removing rejected CVEs from related advisories.
- Vendor
- Linux
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations running Linux systems with io_uring enabled and AF_UNIX socket usage should verify kernel patch status. Industrial operators using Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P devices should note the vendor's 'Misinformed' assessment but maintain standard security practices.
Technical summary
The vulnerability exists in the Linux kernel's io_uring asynchronous I/O interface when combined with AF_UNIX socket operations. The kernel fix prevents sending io_uring file descriptors over Unix domain sockets, which could otherwise lead to use-after-free or memory corruption conditions. The specific technical mechanism involves restricting SCM_RIGHTS-style file descriptor passing for io_uring instances. Siemens products running SINEC OS and SCALANCE network devices were initially assessed but subsequently determined to be not affected ('Misinformed' impact rating).
Defensive priority
low
Recommended defensive actions
- Verify current SINEC OS and SCALANCE firmware versions against vendor security advisories
- Review Siemens ProductCERT SSA-613116 for definitive product impact assessments
- Apply standard defense-in-depth practices for industrial control systems per CISA guidance
- Monitor CISA ICS advisories for future updates to this vulnerability assessment
Evidence notes
The source advisory explicitly categorizes the impact of this CVE as 'Misinformed' for all listed Siemens product IDs (CSAFPID-0001, CSAFPID-0003, CSAFPID-0004). The Linux kernel fix description indicates the vulnerability was resolved by disabling io_uring transmission over AF_UNIX sockets. No CVSS score or severity rating is provided in the source material.
Official resources
-
CVE-2023-52654 CVE record
CVE.org
-
CVE-2023-52654 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
This CVE was disclosed via CISA ICS advisory ICSA-25-226-15, which was republished based on Siemens ProductCERT advisory SSA-613116. The advisory underwent multiple revisions to correct affected product listings and remove rejected CVEs.