PatchSiren cyber security CVE debrief
CVE-2024-42259 Linux CVE debrief
A boundary calculation error in the Linux kernel's Intel i915 graphics driver (drm/i915/gem) can cause page fault access when handling Virtual Memory mappings. The vulnerability stems from incorrect size calculation when mapping GPU memory regions, where the code used the lesser of requested versus actual size without accounting for partial mapping offsets. This local attack vector requires low privileges and no user interaction, resulting in a medium-severity denial-of-service condition. The issue was resolved by recalculating mapped region boundaries using proper start/end address differences rather than simple minimum value comparisons. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem within SIMATIC S7-1500 TM MFP industrial control devices, which incorporate Intel graphics components. No patch is currently available from Siemens; mitigation relies on restricting interactive shell access to trusted personnel and ensuring only trusted applications are executed on affected systems.
- Vendor
- Linux
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators deploying Siemens SIMATIC S7-1500 TM MFP with activated GNU/Linux subsystem; security teams managing embedded Linux environments with Intel graphics; OT security practitioners implementing defense-in-depth for ICS devices with auxiliary compute subsystems
Technical summary
The vulnerability exists in the drm/i915/gem kernel module responsible for Intel graphics memory management. When userspace requests a GPU memory mapping, the original code calculated mapped region size as min(requested_size, actual_size), failing to incorporate the partial mapping offset into boundary computations. This arithmetic error produces incorrect virtual address range calculations, leading to page faults when the GPU memory manager attempts to access pages outside valid mapped regions. The fix restructures calculations to derive total mapped size from end_address minus start_address, ensuring offset-aware boundary determination. The flaw is exploitable locally with low privileges and requires no user interaction, manifesting as system instability or denial-of-service through kernel page fault handling.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Ensure only applications from trusted sources are built and executed on affected systems
- Monitor for Siemens security advisory SSA-265688 updates regarding patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for securing embedded Linux subsystems in industrial environments
Evidence notes
CVE description confirms Linux kernel drm/i915/gem Virtual Memory mapping boundary calculation flaw causing page fault access. CISA CSAF advisory ICSA-24-102-01 identifies Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem as affected product. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H yields 5.5 medium severity. Advisory revision history shows initial publication 2024-04-09 with multiple subsequent releases adding related CVEs through 2025-09-09. Siemens remediation status indicates no fix currently available with mitigation guidance provided.
Official resources
-
CVE-2024-42259 CVE record
CVE.org
-
CVE-2024-42259 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09