PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-50265 Linux CVE debrief

CVE-2024-50265 is a null-pointer-dereference vulnerability in the OCFS2 (Oracle Cluster File System 2) Linux kernel module, specifically within the ocfs2_xa_remove() function. The issue was discovered via Syzkaller kernel fuzzing. According to the source advisory, this CVE is marked as **Misinformed** for affected Siemens products, indicating the vulnerability does not actually impact the listed product configurations. The CVE was initially published on 2025-08-12 and last modified on 2026-02-25. The advisory underwent multiple revisions, with the most recent update on 2026-02-25 reflecting CISA republication based on Siemens ProductCERT SSA-355557. No CVSS score or severity is available in the source data.

Vendor
Linux
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Linux system administrators managing cluster filesystems; security teams tracking kernel vulnerabilities; industrial control system operators using Siemens SCALANCE and RUGGEDCOM products (noting the misinformed classification)

Technical summary

The vulnerability exists in the ocfs2_xa_remove() function of the OCFS2 (Oracle Cluster File System 2) Linux kernel module. A null pointer dereference can be triggered there, potentially leading to denial of service through a system crash. The issue was identified through automated kernel fuzzing with Syzkaller. However, the authoritative source advisory marks this CVE as 'Misinformed' for the affected Siemens product lines (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family), indicating that these products are not actually vulnerable to this issue despite their initial inclusion in the advisory.

Defensive priority

low

Recommended defensive actions

  • Verify that OCFS2 filesystem support is not enabled or loaded on any Linux-based systems in your environment, particularly those handling cluster storage
  • Review kernel configurations to ensure OCFS2 modules are disabled if not required for operational purposes
  • Apply standard kernel security updates through your distribution's normal patching cycle
  • Monitor for any future reclassification of this CVE's impact on industrial control system products
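As an added example (not from the advisory or from PatchSiren), the following POSIX shell audit covers the first two actions above: it checks whether the ocfs2 module is loaded, whether the ocfs2 filesystem type is registered with the kernel, and how CONFIG_OCFS2_FS is set in the running kernel's build config. The paths /proc/modules, /proc/filesystems and /boot/config-$(uname -r) are the usual Linux locations and are assumed here; each check reads its input from stdin so it can also be run against captured output.

```shell
#!/bin/sh
# Added example: audit a Linux host for OCFS2 support.
# Each check reads lsmod-style, /proc/filesystems-style or kernel .config
# text from stdin and reports via its exit status or a printed word.

# Exit 0 if the /proc/modules (or lsmod) text on stdin lists module "ocfs2".
ocfs2_module_loaded() {
    awk '$1 == "ocfs2" { found = 1 } END { exit found ? 0 : 1 }'
}

# Exit 0 if the /proc/filesystems text on stdin registers the "ocfs2" type.
ocfs2_fs_registered() {
    awk '$NF == "ocfs2" { found = 1 } END { exit found ? 0 : 1 }'
}

# Print "builtin", "module" or "disabled" for CONFIG_OCFS2_FS in the
# kernel .config on stdin ("not set" and absent both count as disabled).
ocfs2_config_state() {
    awk '
        /^CONFIG_OCFS2_FS=y/ { print "builtin"; found = 1; exit }
        /^CONFIG_OCFS2_FS=m/ { print "module";  found = 1; exit }
        END { if (!found) print "disabled" }
    '
}

# Run all three checks against the live host (assumed standard paths).
# Returns 0 when no OCFS2 support is found, 1 when any check finds it.
audit_ocfs2_live() {
    present=0
    if [ -r /proc/modules ] && ocfs2_module_loaded < /proc/modules; then
        echo "ocfs2 module is currently loaded"; present=1
    fi
    if [ -r /proc/filesystems ] && ocfs2_fs_registered < /proc/filesystems; then
        echo "ocfs2 filesystem type is registered with the kernel"; present=1
    fi
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ]; then
        state=$(ocfs2_config_state < "$cfg")
        echo "CONFIG_OCFS2_FS in $cfg: $state"
        [ "$state" = "disabled" ] || present=1
    fi
    return $present
}

# Only audit the live host when explicitly requested, e.g.
#   OCFS2_AUDIT_LIVE=1 sh ocfs2_audit.sh
if [ "${OCFS2_AUDIT_LIVE:-0}" = 1 ]; then
    audit_ocfs2_live
fi
```

A non-zero exit from audit_ocfs2_live means OCFS2 is reachable on that host; on a distribution kernel that ships it as a module, blacklisting it via modprobe.d is the usual follow-up to the second action above.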

Evidence notes

The source advisory (ICSA-25-226-07) explicitly categorizes this CVE's impact as 'Misinformed' for the affected product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003). The vulnerability description references Syzkaller fuzzing of the Linux kernel OCFS2 filesystem, which is not typically deployed on Siemens industrial network devices. The advisory revision history shows this CVE was retained while other rejected CVEs were removed in the 2026-02-24 update.

Official resources

2025-08-12