PatchSiren

CVE-2024-35805 Linux CVE debrief

A denial-of-service vulnerability exists in the Linux kernel's Device Mapper (dm) snapshot subsystem. When a snapshot with many exceptions is exited, the kernel can lock up due to a tight loop in dm_exception_table_exit that lacks scheduling points. The fix adds cond_resched() to yield the CPU during exception cleanup. Siemens has confirmed this affects the GNU/Linux subsystem in SIMATIC S7-1500 TM MFP industrial controllers. No patch is currently available from the vendor; mitigations focus on restricting access to the embedded Linux environment.

Vendor: Linux
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Operators of Siemens SIMATIC S7-1500 TM MFP systems using the GNU/Linux subsystem; industrial control system security teams; organizations running embedded Linux with dm-snapshot on critical infrastructure

Technical summary

The vulnerability resides in dm_exception_table_exit() in the Linux kernel's Device Mapper snapshot driver. When tearing down a snapshot with numerous exceptions, the cleanup loop runs without yielding, causing a soft lockup. The upstream fix inserts cond_resched() to allow preemption. This affects embedded Linux environments including the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP programmable logic controllers. Exploitation requires local access with low privileges; there is no confidentiality or integrity impact and the availability impact is high, per CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
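
Because no vendor patch is available, spotting the lockup in kernel logs is the practical check. The following is an added example, not code from PatchSiren, Siemens or the kernel project: it scans kernel log lines for soft-lockup reports whose trace names dm_exception_table_exit. It assumes the usual kernel watchdog message format; the function name find_dm_snapshot_lockups and the sample log (addresses, PIDs, timestamps) are constructed for illustration.

```python
import re

# Header the kernel watchdog prints when a CPU has not scheduled for too long.
LOCKUP_RE = re.compile(
    r"BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<comm>[^\]]*):(?P<pid>\d+)\]"
)
# A RIP line or stack frame naming the teardown loop, e.g. "...+0x5e/0xb0".
FRAME_RE = re.compile(r"\bdm_exception_table_exit\+0x[0-9a-f]+/0x[0-9a-f]+")


def find_dm_snapshot_lockups(lines):
    """Return soft-lockup reports whose trace includes dm_exception_table_exit."""
    hits, current = [], None
    for line in lines:
        m = LOCKUP_RE.search(line)
        if m:
            # A new report starts; frames seen from here on belong to it.
            current = {"cpu": int(m["cpu"]), "seconds": int(m["secs"]),
                       "comm": m["comm"], "pid": int(m["pid"])}
            continue
        if current and FRAME_RE.search(line):
            hits.append(current)
            current = None  # one hit per report, even if the frame repeats
    return hits


# Constructed sample: one lockup in snapshot teardown, one unrelated lockup.
SAMPLE_LOG = """\
[  812.101] watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [dmsetup:4021]
[  812.102] RIP: 0010:dm_exception_table_exit+0x5e/0xb0 [dm_snapshot]
[  812.103] Call Trace:
[  812.104]  __free_exceptions+0x1a/0x50 [dm_snapshot]
[  812.105]  snapshot_dtr+0x9c/0x160 [dm_snapshot]
[  901.300] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [kworker/u8:2:77]
[  901.301] Call Trace:
[  901.302]  ? some_unrelated_fn+0x10/0x40
""".splitlines()

if __name__ == "__main__":
    for hit in find_dm_snapshot_lockups(SAMPLE_LOG):
        print("dm-snapshot teardown lockup:", hit)
```

Feed it the lines of the device's kernel log in place of SAMPLE_LOG. A hit means the teardown loop held a CPU long enough to trip the watchdog.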

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
  • Only build and run applications from trusted sources on the embedded GNU/Linux environment
  • Monitor for vendor security advisories from Siemens for future patch availability
  • Apply defense-in-depth practices for industrial control systems per CISA guidance

Evidence notes

CVE published 2024-04-09 per CVE.org and CISA CSAF advisory ICSA-24-102-01. Siemens advisory SSA-265688 cross-referenced. CVSS 5.5 (MEDIUM) per source. CWE-667 (Improper Locking) identified. No KEV listing. No known ransomware use.
