PatchSiren cyber security CVE debrief
CVE-2024-44969 Linux CVE debrief
This CVE describes a vulnerability in the s390/sclp (System z Service Call Logical Processor) Linux kernel subsystem. The issue involves a potential data corruption scenario that could occur if a Store Data operation is interrupted and the subsequent halt attempt fails. The resolution prevents the release of data buffers in such failure cases to maintain data integrity. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026. Notably, CISA's advisory revision history indicates this CVE was initially included in affected product listings but was subsequently moved to 'Known Not Affected Products' for Siemens industrial networking equipment, with the threat category marked as 'Misinformed' in the source CSAF data.
- Vendor
- Linux
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating IBM System z (s390x) mainframes with Linux; kernel maintainers for s390 architecture; Siemens industrial network infrastructure operators (though reclassified as not affected); ICS security practitioners tracking third-party component advisories
Technical summary
The vulnerability exists in the s390/sclp kernel driver, which provides an interface to the Service Call Logical Processor on IBM System z mainframes. The SCLP facility handles various system services including Store Data operations. The flaw occurs when: (1) a Store Data operation is initiated, (2) the operation is interrupted, and (3) the halt attempt subsequently fails. In this error path, data buffers could be incorrectly released, leading to potential data corruption. The fix ensures data buffers are retained when halt attempts fail, preserving data integrity. This is a low-level hardware abstraction layer issue specific to the s390 architecture.
Defensive priority
low
Recommended defensive actions
- Verify whether your organization operates IBM System z (s390x) mainframe infrastructure with Linux workloads using SCLP Store Data operations
- Review kernel patch levels for s390/sclp subsystem fixes addressing buffer release on failed halt attempts
- For Siemens industrial networking products (SCALANCE, RUGGEDCOM), confirm current advisory status via Siemens ProductCERT as this CVE has been reclassified as not affecting these products
- Apply standard defense-in-depth practices for industrial control systems per CISA guidance
- Monitor kernel security mailing lists (linux-s390, linux-kernel) for upstream patch availability and backport status
Evidence notes
The source CSAF advisory (ICSA-25-226-07) from CISA documents this CVE in the context of Siemens Third-Party Components in SINEC OS. The revision history shows significant changes: initial publication (2025-08-12), corrections to affected products (2026-02-12), and clarification that certain product families were not actually affected (2026-02-24). The 'threats' field explicitly categorizes impact as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. Siemens ProductCERT advisory SSA-355557 is the authoritative source for product impact determination.
Official resources
-
CVE-2024-44969 CVE record
CVE.org
-
CVE-2024-44969 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12