PatchSiren cyber security CVE debrief
CVE-2024-42114 Linux CVE debrief
CVE-2024-42114 is a medium-severity vulnerability (CVSS 3.1: 4.4) in the Linux kernel's cfg80211 wireless configuration subsystem. The flaw involves improper restriction of NL80211_ATTR_TXQ_QUANTUM values, which can lead to denial of service conditions. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. No fix is currently available from the vendor. The vulnerability requires local access and high privileges to exploit, limiting its attack surface but maintaining relevance for multi-user or compromised-device scenarios in industrial environments.
- Vendor
- Linux
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with the GNU/Linux subsystem enabled; OT security teams managing wireless-enabled industrial devices; asset owners awaiting vendor patches for embedded Linux components; compliance teams tracking unpatched medium-severity CVEs in critical infrastructure environments.
Technical summary
The vulnerability exists in the cfg80211 subsystem of the Linux kernel, which provides the configuration interface for wireless devices. The NL80211_ATTR_TXQ_QUANTUM attribute, used for configuring transmit queue quantum values in wireless traffic scheduling, lacks proper input validation. An attacker with local access and high privileges (typically root or CAP_NET_ADMIN) can supply malformed or out-of-range quantum values that cause resource exhaustion, scheduling failures, or kernel instability. The CVSS vector (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) indicates this is a local attack requiring high privileges, with availability impact as the primary concern. No confidentiality or integrity impacts are associated. The flaw is classified under CWE-667 (Improper Locking) based on reference data.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application allowlisting: build and run only from trusted sources
- Monitor for anomalous local privilege escalation attempts on affected devices
- Apply defense-in-depth controls per ICS-CERT recommended practices pending vendor patch
- Review network segmentation to limit lateral movement from compromised endpoints
Evidence notes
CVE published 2024-04-09 per official CVE record. CISA CSAF advisory ICSA-24-102-01 published same date. Siemens SSA-265688 cross-referenced. CVSS vector AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with high privilege requirement, no confidentiality or integrity impact, high availability impact. No KEV listing. No known ransomware campaign use documented.
Official resources
-
CVE-2024-42114 CVE record
CVE.org
-
CVE-2024-42114 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09