PatchSiren cyber security CVE debrief
CVE-2024-46822 Linux CVE debrief
This CVE addresses a hardening deficiency in the Linux kernel's ARM64 ACPI implementation. The function `get_cpu_for_acpi_id()` lacked proper validation when encountering missing CPU entries in the ACPI tables, which could lead to undefined behavior or system instability on ARM64 platforms using ACPI firmware. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has assessed this CVE as 'Misinformed' for their affected product lines, indicating the vulnerability does not actually impact the specified products as initially believed. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Linux
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices; operators of ARM64-based industrial systems using ACPI firmware; Linux kernel maintainers for ARM64 platforms; ICS security practitioners tracking third-party component vulnerabilities in industrial networking equipment.
Technical summary
CVE-2024-46822 identifies a hardening gap in the Linux kernel's ARM64 ACPI subsystem. The `get_cpu_for_acpi_id()` function, which maps ACPI processor IDs to Linux CPU numbers, did not adequately handle the case where a CPU had no corresponding entry in the ACPI tables. Looking up such a CPU could result in an out-of-bounds access or a null pointer dereference during system initialization or CPU hotplug on ARM64 platforms. The fix adds a validation check so that the CPU entry is confirmed to exist before it is dereferenced. Siemens has evaluated this CVE against its industrial networking products and classified it as 'Misinformed', meaning the vulnerability as described does not apply to the listed product configurations, or the initial assessment was incorrect.
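The missing-entry check described above, shown as an added example in C. This is a constructed model written for this debrief, not the kernel's own code: the per-CPU table, `struct gicc_entry`, `cpu_get_madt_gicc()` and the function names are all assumptions, and slot 2 is left empty on purpose to stand in for a CPU that has no ACPI MADT entry. The unchecked variant dereferences the table pointer blindly, so a lookup that has to walk past the empty slot reads through a NULL pointer; the hardened variant tests for the entry first and returns `-EINVAL` when no CPU matches.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not kernel code): one MADT GICC entry per CPU slot. */
#define NR_CPUS 4

struct gicc_entry {
    uint32_t uid;   /* ACPI processor UID carried by the MADT entry */
};

/* Constructed sample table. Slot 2 is intentionally NULL to model a CPU
 * that the firmware did not describe in the ACPI tables. */
static const struct gicc_entry cpu0 = { .uid = 0x10 };
static const struct gicc_entry cpu1 = { .uid = 0x11 };
static const struct gicc_entry cpu3 = { .uid = 0x13 };
static const struct gicc_entry *madt_gicc[NR_CPUS] = { &cpu0, &cpu1, NULL, &cpu3 };

/* Assumed accessor: returns the table entry for a CPU slot, or NULL. */
static const struct gicc_entry *cpu_get_madt_gicc(int cpu)
{
    if (cpu < 0 || cpu >= NR_CPUS)
        return NULL;
    return madt_gicc[cpu];
}

/* Unhardened lookup (the weak pattern): every slot is assumed to hold an
 * entry, so walking past slot 2 dereferences NULL. Kept for comparison only;
 * calling it with a uid that lives beyond the empty slot would crash. */
int get_cpu_for_acpi_id_unchecked(uint32_t uid)
{
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        if (cpu_get_madt_gicc(cpu)->uid == uid)
            return cpu;
    return -EINVAL;
}

/* Hardened lookup: confirm the entry exists before reading its uid. */
int get_cpu_for_acpi_id_hardened(uint32_t uid)
{
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        const struct gicc_entry *e = cpu_get_madt_gicc(cpu);
        if (e && e->uid == uid)
            return cpu;
    }
    return -EINVAL;
}

/* Count the slots with no ACPI entry; a non-zero result means the
 * unchecked walk is unsafe for any uid stored after the first gap. */
int count_missing_cpu_entries(void)
{
    int missing = 0;
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        if (!cpu_get_madt_gicc(cpu))
            missing++;
    return missing;
}

int main(void)
{
    printf("missing entries in sample table: %d\n", count_missing_cpu_entries());
    printf("uid 0x13 -> cpu %d\n", get_cpu_for_acpi_id_hardened(0x13));
    printf("uid 0x12 -> %d (expected -EINVAL = %d)\n",
           get_cpu_for_acpi_id_hardened(0x12), -EINVAL);
    return 0;
}
```

The difference between the two loops is a single pointer test, which is the whole of the hardening the debrief refers to: the lookup already returned `-EINVAL` for an unknown UID, but only if it survived the walk over every slot.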
Defensive priority
low
Recommended defensive actions
- Verify that affected Siemens industrial networking products (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) are running current firmware as advised by Siemens
- Monitor Siemens ProductCERT advisory SSA-355557 for any reassessment of this CVE
- Apply standard ICS defense-in-depth practices per CISA guidance for industrial control systems
- Review kernel hardening practices on any custom ARM64 ACPI-based deployments outside the Siemens product scope
Evidence notes
The source advisory (ICSA-25-226-07) explicitly categorizes the impact of this CVE as 'Misinformed' for all listed product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003). The CVE description indicates a kernel-level hardening issue in ARM64 ACPI CPU mapping. No CVSS score or severity is available in the source data. The advisory has undergone four revisions, with the most recent on 2026-02-25 reflecting updates based on Siemens ProductCERT SSA-355557.
Official resources
- CVE-2024-46822 CVE record (CVE.org)
- CVE-2024-46822 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference: Reference
2025-08-12