PatchSiren cyber security CVE debrief
CVE-2024-42096 Linux CVE debrief
CVE-2024-42096 is a medium-severity vulnerability (CVSS 5.1) in the Linux kernel that affects the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial control systems. The vulnerability, published April 9, 2024, involves unsafe stack manipulation in the x86 `profile_pc()` function that could lead to out-of-bounds read conditions. The issue was resolved in the upstream Linux kernel by removing the stack manipulation ("stack games") from the profiling code. Siemens has confirmed that this affects their industrial automation platform but has not released a patch as of the last advisory update (June 10, 2025). The vulnerability requires local access with high privileges, which limits exploitability but still presents availability risks in operational technology environments.
- Vendor: Linux
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Industrial control system operators, OT security engineers, Siemens SIMATIC platform administrators, manufacturing security teams, and organizations running embedded Linux systems in operational technology environments should prioritize awareness of this vulnerability given the lack of available patches and the criticality of availability in industrial settings.
Technical summary
The vulnerability exists in the Linux kernel's x86 architecture-specific `profile_pc()` function, which is used for program counter sampling during profiling. The function previously performed unsafe stack manipulation ("stack games") that could result in out-of-bounds memory access. This is a CWE-125 (Out-of-bounds Read) condition. The CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H) indicates a local attack vector, low attack complexity, high privileges required, and no user interaction, with impacts to confidentiality (low) and availability (high). On affected Siemens SIMATIC S7-1500 TM MFP systems, exploitation could cause denial-of-service conditions in the GNU/Linux subsystem. The upstream kernel fix eliminates the problematic stack operations.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application whitelisting - only build and run applications from trusted sources
- Monitor Siemens security advisories for future patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Segment OT networks to limit lateral movement from compromised endpoints
Evidence notes
The vulnerability description indicates a resolved Linux kernel issue in x86 architecture code. The CVSS vector confirms a local attack vector with high privileges required. Siemens advisory ICSA-24-102-01 explicitly lists this CVE with a status of no fix available. The GNU/Linux subsystem on SIMATIC S7-1500 TM MFP is an embedded industrial platform where kernel-level vulnerabilities can impact operational availability.
Official resources
- CVE-2024-42096 CVE record (CVE.org)
- CVE-2024-42096 NVD detail (NVD)
- Source item URL (cisa_csaf)
This vulnerability was disclosed through coordinated disclosure via CISA and Siemens ProductCERT. The advisory has been updated nine times since initial publication, most recently on September 9, 2025, to include additional related CVEs. No