PatchSiren cyber security CVE debrief
CVE-2024-26790 Linux CVE debrief
A vulnerability in the Linux kernel's Freescale QDMA engine driver (fsl-qdma) could cause System-on-Chip (SoC) hangs when performing 16-byte unaligned memory reads. The issue was resolved in the Linux kernel. Siemens has assessed this CVE as 'Misinformed' for its affected industrial networking products, indicating the vulnerability does not apply to these specific product configurations.
- Vendor: Linux
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment (SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, RUGGEDCOM RST2428P) running SINEC OS should verify their security posture against vendor guidance, though this specific CVE is assessed as not applicable to these products.
Technical summary
The vulnerability exists in the Freescale QDMA (Queue-based Direct Memory Access) engine driver within the Linux kernel. Specifically, 16-byte unaligned read operations could trigger SoC hangs. The fix ensures proper handling of unaligned memory access in the DMA engine. While the underlying kernel vulnerability is real, Siemens has determined that their specific product implementations (SINEC OS-based devices including SCALANCE and RUGGEDCOM families) are not affected by this issue, marking it as 'Misinformed' in their security assessment.
Defensive priority
low
Recommended defensive actions
- Verify SINEC OS and SCALANCE/RUGGEDCOM device firmware versions against vendor security advisory SSA-613116
- Apply Siemens-recommended patches or updates if applicable to your product deployment
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT advisories for any future reassessment of this CVE
Evidence notes
The source advisory (ICSA-25-226-15) explicitly categorizes the impact of this CVE as 'Misinformed' for all listed Siemens product IDs (CSAFPID-0001, CSAFPID-0003, CSAFPID-0004). The vulnerability description indicates a kernel-level DMA engine issue that was resolved upstream. The advisory was republished by CISA on 2026-02-25 based on Siemens ProductCERT SSA-613116.
Official resources
- CVE-2024-26790 CVE record (CVE.org)
- CVE-2024-26790 NVD detail (NVD)
- Source item URL (cisa_csaf)