PatchSiren cyber security CVE debrief

CVE-2024-49892 Linux CVE debrief

CVE-2024-49892 is a divide-by-zero vulnerability in the Linux kernel's AMD display driver (drm/amd/display). The root cause was that get_bytes_per_element() could return 0 as a default value, which then became a denominator in subsequent calculations. The fix initializes the default return value to 1 instead of 0. This vulnerability was identified through Coverity static analysis, which flagged 10 separate DIVIDE_BY_ZERO issues related to this code path. The vulnerability affects bytes_per_element_y and bytes_per_element_c variables used in display processing calculations.

Vendor: Linux
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE families) running SINEC OS or Linux-based firmware; OT security teams managing AMD-based industrial systems with display capabilities; Linux kernel maintainers for embedded/OT systems using AMD graphics.

Technical summary

The vulnerability exists in the drm/amd/display component of the Linux kernel. The function get_bytes_per_element() returned 0 as its default value when it could not determine the bytes per element for a given format. That return value was then used as a denominator in calculations involving the bytes_per_element_y and bytes_per_element_c variables, so an unrecognised format led to a divide-by-zero condition. The fix changes the default return value from 0 to 1, so the value is never zero when it is used as a denominator. Coverity static analysis identified 10 distinct code paths where the issue could manifest. While the CISA advisory lists Siemens industrial networking products, the threat categorization of 'Misinformed' suggests either that these products incorporate the Linux kernel without the vulnerable AMD display driver, or that the vulnerability assessment for these specific products was corrected in subsequent advisory revisions.
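The following C model, added here to illustrate the defect described in the debrief and the technical summary above, is not the kernel's code and is not taken from the advisory: the real enum, function signature and call sites in drm/amd/display are not reproduced. It places the lookup with the defective default of 0 beside the fixed default of 1, and a caller that would divide by the result; every name (px_format, lookup_bpe, elements_per_line, the _before/_after suffixes) is hypothetical.

```c
#include <stdio.h>

/* Constructed model of the CVE-2024-49892 pattern, not the kernel's code:
 * the real enum, signature and call sites in drm/amd/display differ. */
enum px_format { PX_8BPP, PX_16BPP, PX_32BPP, PX_UNSUPPORTED = 99 };

/* Shared lookup; 'dflt' is what an unrecognised format falls back to. */
static unsigned int lookup_bpe(enum px_format fmt, unsigned int dflt)
{
    switch (fmt) {
    case PX_8BPP:  return 1;
    case PX_16BPP: return 2;
    case PX_32BPP: return 4;
    default:       return dflt;
    }
}

/* "Before": the default is 0, and callers later divide by it (the defect). */
static unsigned int get_bytes_per_element_before(enum px_format fmt)
{
    return lookup_bpe(fmt, 0);
}

/* "After": the fix initialises the default to 1, so the divisor is never 0. */
static unsigned int get_bytes_per_element_after(enum px_format fmt)
{
    return lookup_bpe(fmt, 1);
}

/* Caller modelling the bytes_per_element_y / bytes_per_element_c use: turn a
 * line pitch in bytes into an element count. Integer division by zero is
 * undefined in C (a SIGFPE on x86), so the guard returns -1 instead of
 * dividing; that -1 marks exactly where the unpatched path would have trapped. */
static long elements_per_line(unsigned int pitch_bytes, enum px_format fmt,
                              int patched)
{
    unsigned int bpe = patched ? get_bytes_per_element_after(fmt)
                               : get_bytes_per_element_before(fmt);
    if (bpe == 0)
        return -1;
    return (long)(pitch_bytes / bpe);
}
```

With an unsupported format the unpatched lookup yields 0 and the caller's guard reports -1, while the patched lookup yields 1 and the division proceeds normally.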

Defensive priority

medium

Recommended defensive actions

  • Verify whether deployed Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) actually incorporates the vulnerable AMD/
  • Review Linux kernel version running on affected Siemens devices and confirm whether drm/amd/display driver is present and active
  • Apply vendor-provided firmware updates from Siemens ProductCERT when available, per SSA-355557
  • For systems confirmed to use AMD graphics with the vulnerable driver, prioritize kernel updates that include the fix for get_bytes_per_element() default initialization
  • Implement network segmentation for industrial control systems per CISA recommended practices to limit exposure of potentially vulnerable devices
  • Monitor for anomalous behavior in display subsystem operations that could indicate exploitation attempts

Evidence notes

The vulnerability description indicates this was resolved in the Linux kernel with a fix that changes the default return value of get_bytes_per_element() from 0 to 1. The source advisory (ICSA-25-226-07) from CISA covers Siemens Third-Party Components in SINEC OS and references this CVE. However, the threat assessment in the source material categorizes the impact as 'Misinformed' for the listed Siemens products, suggesting these products may not actually be affected by this specific vulnerability despite being listed in the advisory. The advisory has undergone multiple revisions, with the most recent on 2026-02-25 clarifying affected configurations and removing rejected CVEs.

Official resources

2025-08-12