PatchSiren cyber security CVE debrief
CVE-2024-50282 Linux CVE debrief
CVE-2024-50282 describes a missing size check in the `amdgpu_debugfs_gprwave_read()` function within the Linux kernel's AMDGPU DRM driver. The vulnerability could allow a buffer overflow when the size parameter exceeds 4KB. However, the CISA CSAF advisory ICSA-25-226-07 (republished 2026-02-25) explicitly marks this CVE as **Misinformed** for Siemens products, indicating the vulnerability does not actually affect the listed Siemens industrial control system products. The advisory was initially published 2025-08-12 and underwent multiple revisions, with the most recent update correcting product status and removing rejected CVEs. No CVSS score or severity is available in the source corpus.
- Vendor: Linux
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Linux systems with AMD GPUs should verify kernel versions; organizations with Siemens industrial networking equipment can deprioritize this CVE per CISA guidance.
Technical summary
The vulnerability exists in `amdgpu_debugfs_gprwave_read()` in the Linux kernel's AMDGPU DRM driver, where a missing size check could permit buffer overflow for reads exceeding 4KB. This is a debugfs interface issue affecting AMD GPU kernel drivers. The CISA advisory indicates this CVE was incorrectly associated with Siemens industrial products and should be considered non-applicable to the listed SCALANCE and RUGGEDCOM devices.
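The class of check described above, as an added example: a simplified userspace model of a read handler that stages data in a fixed 4 KB buffer. It is not the kernel's code; the function names, the staging-buffer layout, the alignment tests and the stand-in register fetch are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STAGE_WORDS 1024u                         /* 1024 words of 4 bytes = 4 KB */
#define STAGE_BYTES (STAGE_WORDS * sizeof(uint32_t))

/* Hypothetical stand-in for the hardware register fetch: fills n words. */
static void fake_read_gprs(uint32_t *out, size_t n, uint32_t start)
{
    for (size_t i = 0; i < n; i++)
        out[i] = start + (uint32_t)i;
}

/* Bytes an unchecked handler would write past the 4 KB staging buffer. */
size_t unchecked_overrun(size_t size)
{
    return size > STAGE_BYTES ? size - STAGE_BYTES : 0;
}

/*
 * Hardened handler (model). Returns bytes copied, or -EINVAL.
 * The size test runs before anything is written into the staging buffer.
 */
long gprwave_read_checked(uint8_t *dst, size_t dst_len, size_t size, uint64_t pos)
{
    uint32_t stage[STAGE_WORDS];

    /* Reject oversized requests; alignment tests are an assumption of this model. */
    if (size > STAGE_BYTES || (size & 0x3) || (pos & 0x3))
        return -EINVAL;
    if (size > dst_len)                           /* model-only: caller buffer too small */
        return -EINVAL;

    fake_read_gprs(stage, size / 4, (uint32_t)(pos / 4));
    memcpy(dst, stage, size);
    return (long)size;
}

int main(void)
{
    uint8_t buf[8192];
    printf("4096-byte read -> %ld\n", gprwave_read_checked(buf, sizeof buf, 4096, 0));
    printf("8192-byte read -> %ld (unchecked overrun: %zu bytes)\n",
           gprwave_read_checked(buf, sizeof buf, 8192, 0), unchecked_overrun(8192));
    return 0;
}
```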
Defensive priority
low
Recommended defensive actions
- Verify that no Linux-based systems with AMD GPUs in the ICS environment use an affected kernel version
- Review Siemens SSA-355557 for authoritative product-specific guidance
- Apply standard kernel update practices if the AMDGPU driver is present in the environment
- Document this CVE as non-applicable for listed Siemens industrial products per CISA advisory
Evidence notes
The source advisory explicitly categorizes this CVE's impact as 'Misinformed' for the affected product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003). The CVE description references a Linux kernel AMDGPU driver issue, which appears unrelated to the Siemens industrial networking products listed in the advisory. The 2026-02-25 republication updated the advisory based on Siemens ProductCERT SSA-355557.
Official resources
- CVE-2024-50282 CVE record (CVE.org)
- CVE-2024-50282 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12