PatchSiren cyber security CVE debrief
CVE-2024-44949 Linux CVE debrief
This CVE addresses a DMA corruption vulnerability in the PA-RISC (parisc) Linux kernel architecture. The root cause is an insufficient ARCH_DMA_MINALIGN value of 16 bytes, which can result in two unrelated 16-byte allocations sharing the same cache line. When one allocation is written via DMA and the other via cached write, DMA-written data may be corrupted. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. CISA's advisory ICSA-25-226-07, which tracks this issue as part of Siemens Third-Party Components in SINEC OS, underwent multiple revisions—most recently on 2026-02-25 to incorporate updates from Siemens ProductCERT advisory SSA-355557. Notably, the CISA advisory marks the impact as 'Misinformed' for the affected product IDs, and the source data indicates zero actually affected products despite listing product names. The CVSS v3.1 score of 5.5 (MEDIUM) reflects the potential for data integrity issues in affected systems.
- Vendor
- Linux
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations running Siemens industrial networking equipment with PA-RISC-based components or Linux-based SINEC OS deployments; kernel maintainers for PA-RISC architecture; OT security teams monitoring CISA ICS advisories
Technical summary
The vulnerability stems from ARCH_DMA_MINALIGN being defined as 16 bytes in the PA-RISC architecture code. This alignment value is smaller than typical cache line sizes, allowing two independent 16-byte memory allocations to occupy the same cache line. The coherency problem emerges when one allocation is accessed through DMA (bypassing CPU caches) while the other is accessed through cached CPU writes. Under these conditions, the DMA-written data can be corrupted by subsequent cache writeback operations. This is a classic cache aliasing issue that affects data integrity rather than confidentiality or availability. The fix would involve increasing ARCH_DMA_MINALIGN to match or exceed the cache line size, ensuring DMA buffers are properly isolated from other allocations.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for authoritative product impact assessment
- Verify actual affected product status given CISA's 'Misinformed' impact designation
- Apply kernel updates from Siemens if product is confirmed affected
- Monitor CISA ICS advisories for potential updates to affected product list
Evidence notes
The source CISA CSAF advisory explicitly lists the impact category as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The revision history shows the advisory was republished on 2026-02-25 based on Siemens ProductCERT SSA-355557. Despite product names being listed (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family), the affected product count is zero per the source metadata.
Official resources
-
CVE-2024-44949 CVE record
CVE.org
-
CVE-2024-44949 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12