PatchSiren

CVE-2024-26671 Linux CVE debrief

A race condition in the Linux kernel's block multi-queue (blk-mq) subsystem can cause I/O operations to hang indefinitely. The vulnerability stems from a synchronization issue in the sbitmap (sparse bitmap) wakeup mechanism used for managing I/O request tags. When the race condition triggers, pending I/O requests may never be processed, leading to system unavailability or degraded performance in storage-dependent workloads. The issue has been resolved in the Linux kernel with a fix to the blk-mq sbitmap wakeup logic.

Vendor: Linux
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

System administrators managing Linux-based industrial networking equipment, particularly the Siemens SCALANCE and RUGGEDCOM product families; security teams responsible for OT/ICS infrastructure; and organizations running storage-intensive workloads on Linux kernels with blk-mq enabled.

Technical summary

The vulnerability exists in the Linux kernel's block multi-queue (blk-mq) I/O scheduling subsystem. A race condition in the sparse bitmap (sbitmap) wakeup mechanism can prevent proper wake-up of I/O request processing, causing indefinite hangs. The sbitmap is used to allocate and manage tags for I/O requests; when the wakeup race occurs, threads waiting for available tags may never be signaled, resulting in stalled I/O operations. This affects systems using blk-mq for NVMe, SCSI, or other block devices. The fix resolves the synchronization issue in the sbitmap wakeup path to ensure reliable I/O completion.

Defensive priority

medium

Recommended defensive actions

  • Verify Linux kernel version and apply vendor-provided patches if running affected Siemens industrial networking products
  • Review storage subsystem logs for unexplained I/O latency or hang conditions
  • Monitor for kernel updates addressing blk-mq race conditions in sbitmap wakeup handling
  • Consult Siemens ProductCERT advisory SSA-613116 for definitive product impact assessment
  • Implement defense-in-depth strategies for industrial control systems per CISA guidance
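
For the log-review action above, one way to triage kernel logs, given as an added example that is not part of the advisory or any vendor tooling: it parses the kernel hung-task detector's reports and flags tasks whose stack shows them sleeping in `blk_mq_get_tag`, the blk-mq tag allocator. The symbol name (taken from mainline kernel source; vendor kernels may differ) and the constructed sample log are assumptions.

```python
import re

# Hung-task detector line printed by the kernel (kernel/hung_task.c).
HUNG_RE = re.compile(r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# One call-trace frame, e.g. " blk_mq_get_tag+0x11d/0x2a0".
FRAME_RE = re.compile(r"(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumption: mainline symbol of the blk-mq tag allocator, which sleeps until a tag is freed.
TAG_WAIT_SYMBOL = "blk_mq_get_tag"

# Constructed sample in dmesg format; not taken from any real system.
SAMPLE_LOG = """\
[ 1452.101010] INFO: task kworker/u8:2:2211 blocked for more than 120 seconds.
[ 1452.101050] Call Trace:
[ 1452.101060]  <TASK>
[ 1452.101090]  io_schedule+0x42/0x70
[ 1452.101100]  blk_mq_get_tag+0x11d/0x2a0
[ 1452.101110]  __blk_mq_alloc_requests+0x1a4/0x2e0
[ 1452.101130]  </TASK>
[ 1460.000000] INFO: task rsync:3001 blocked for more than 241 seconds.
[ 1460.000010] Call Trace:
[ 1460.000040]  rwsem_down_write_slowpath+0x220/0x4e0
[ 1461.000000] EXT4-fs (sda1): re-mounted. Quota mode: none.
"""

def find_hung_tasks(log_text):
    """Return one dict per hung-task report, with its stack frames and a tag-wait flag."""
    reports, current, in_trace = [], None, False
    for line in log_text.splitlines():
        m = HUNG_RE.search(line)
        if m:
            current = {"comm": m["comm"], "pid": int(m["pid"]), "secs": int(m["secs"]), "frames": []}
            reports.append(current)
            in_trace = False
        elif "Call Trace:" in line:
            in_trace = current is not None
        elif in_trace:
            f = FRAME_RE.search(line)
            if f:
                current["frames"].append(f["sym"])
            elif "<TASK>" not in line:
                in_trace = False  # trace ended (</TASK> or an unrelated log line)
    for r in reports:
        r["tag_wait"] = TAG_WAIT_SYMBOL in r["frames"]
    return reports

if __name__ == "__main__":
    for r in find_hung_tasks(SAMPLE_LOG):
        verdict = "blocked waiting for a blk-mq tag" if r["tag_wait"] else "blocked elsewhere"
        print(f'{r["comm"]} (pid {r["pid"]}, >{r["secs"]}s): {verdict}')
```

A task blocked in tag allocation indicates tag starvation in general, which a stalled device can also cause, so treat a hit as a prompt to check the kernel version against the vendor advisory and not as confirmation of this CVE.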

Evidence notes

The source advisory (ICSA-25-226-15) indicates this CVE was initially included in the affected products list but was subsequently moved to 'Known Not Affected Products' per the revision history dated 2026-02-12. The threat category is marked as 'Misinformed' in the source data, suggesting the initial assessment of impact was incorrect. The advisory was republished on 2026-02-25 based on Siemens ProductCERT SSA-613116.
