CVE-2024-33847 Linux CVE debrief

Who should care

Industrial control system operators, OT security teams, and asset owners deploying Siemens SIMATIC S7-1500 TM MFP with enabled GNU/Linux subsystem functionality

Technical summary

The vulnerability exists in the F2FS filesystem compression code path. When a compressed inode undergoes partial truncation, the implementation assumes reserved blocks are present. However, the valid block count may change without proper synchronization of the .i_blocks and .total_valid_block_count fields, resulting in metadata inconsistency and potential filesystem image corruption. This affects the GNU/Linux subsystem running on Siemens SIMATIC S7-1500 TM MFP programmable logic controllers.

Defensive priority

medium

Recommended defensive actions

• Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
• Only build and execute applications from trusted sources
• Monitor for anomalous filesystem behavior or corruption indicators on affected devices
• Apply vendor patches when released by Siemens
• Implement defense-in-depth strategies per CISA ICS recommended practices

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-102-01, which references Siemens security advisory SSA-265688. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) indicates local attack vector, low attack complexity, no privileges required, user interaction required, with high availability impact. The source document explicitly states 'Currently no fix is available' as of its last revision.

Official resources