PatchSiren cyber security CVE debrief

CVE-2024-42090 Linux CVE debrief

A deadlock vulnerability exists in the Linux kernel's pinctrl subsystem within the create_pinctrl() function. The issue arises from improper mutex handling when add_setting() returns -EPROBE_DEFER, causing create_pinctrl() to call pinctrl_free() while still holding pinctrl_maps_mutex. Since pinctrl_free() attempts to acquire the same mutex, and kernel mutexes are not recursive, the calling task blocks on a lock it already holds, resulting in a potential deadlock. This vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems running the GNU/Linux subsystem. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector with low attack complexity, requiring low privileges but no user interaction, and resulting in high availability impact. No confidentiality or integrity impacts are associated with this vulnerability.

Vendor: Linux
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

System administrators and security engineers responsible for Siemens SIMATIC S7-1500 TM MFP deployments in industrial environments, OT security teams managing PLC and industrial automation infrastructure, and organizations operating critical infrastructure with embedded Linux subsystems in industrial control devices.

Technical summary

The vulnerability exists in the kernel's pin control (pinctrl) subsystem. The create_pinctrl() function acquires pinctrl_maps_mutex before invoking add_setting(). When add_setting() returns -EPROBE_DEFER (indicating a driver probe deferral), create_pinctrl() proceeds to call pinctrl_free() for cleanup. However, pinctrl_free() internally attempts to acquire pinctrl_maps_mutex, which is already held by the calling create_pinctrl() function. This creates a recursive mutex acquisition scenario that results in deadlock. The -EPROBE_DEFER return code is commonly used in the Linux driver model to indicate that a driver cannot proceed due to missing dependencies, with the expectation that probing will be retried later. The improper cleanup path in this error handling case fails to release the mutex before calling the free function.
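
The error path described above, as an added userspace model in C (not kernel code and not taken from the advisory). The model_mutex type, model_lock()/model_unlock() and create_pinctrl_model() are hypothetical names; the stand-in lock returns -EDEADLK at the point where a real kernel mutex_lock() would block forever, so the flawed path and the unlock-before-free path can be compared without hanging.

```c
/* Userspace model of the create_pinctrl() error path; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define EPROBE_DEFER 517   /* kernel-internal errno: retry the probe later */

/* Hypothetical stand-in for a kernel mutex: non-recursive, one holder. */
struct model_mutex { bool held; };
static struct model_mutex pinctrl_maps_mutex;

/* A real mutex_lock() would sleep forever here; the model reports it. */
static int model_lock(struct model_mutex *m)
{
    if (m->held)
        return -EDEADLK;
    m->held = true;
    return 0;
}
static void model_unlock(struct model_mutex *m) { m->held = false; }

/* Stub: a dependency is not ready yet, so probing must be deferred. */
static int add_setting(void) { return -EPROBE_DEFER; }

/* Cleanup takes the maps mutex itself, as the summary describes. */
static int pinctrl_free(void)
{
    int ret = model_lock(&pinctrl_maps_mutex);
    if (ret)
        return ret;
    model_unlock(&pinctrl_maps_mutex);
    return 0;
}

/* unlock_first=false: flawed path; true: mutex released before cleanup. */
int create_pinctrl_model(bool unlock_first)
{
    pinctrl_maps_mutex.held = false;       /* fresh state for each run */
    model_lock(&pinctrl_maps_mutex);
    int ret = add_setting();
    if (ret == -EPROBE_DEFER && unlock_first)
        model_unlock(&pinctrl_maps_mutex);
    int free_ret = pinctrl_free();         /* error-path cleanup */
    return free_ret ? free_ret : ret;      /* -EDEADLK: kernel task hangs */
}

int main(void)
{
    printf("flawed: %d\n", create_pinctrl_model(false));
    printf("unlock first: %d\n", create_pinctrl_model(true));
    return 0;
}
```

In the flawed path the function never returns the deferral to its caller; with the mutex released first, -EPROBE_DEFER propagates and the probe can be retried.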

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Ensure only applications from trusted sources are built and executed on affected systems
  • Monitor for vendor security updates from Siemens for patch availability
  • Apply defense-in-depth strategies for industrial control system environments per CISA guidance
  • Review and implement ICS-CERT recommended practices for securing industrial control systems

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-102-01, which references Siemens security advisory SSA-265688. The CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H is provided in the source advisory. The affected product is confirmed as SIMATIC S7-1500 TM MFP - GNU/Linux subsystem per the CSAF product tree. No known exploitation in the wild has been reported, and this vulnerability is not listed in CISA KEV.

Official resources

CVE-2024-42090 was published on 2024-04-09 and last modified on 2026-05-14. The vulnerability was disclosed through coordinated disclosure via CISA ICS advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. The advisory has been.