PatchSiren

CVE-2022-48772 Siemens CVE debrief

A null-pointer dereference vulnerability exists in the Linux kernel's lgdt3306a media driver. The flaw occurs in the lgdt3306a_probe function when the driver fails to validate whether platform_data is provided by the client before passing it to kmemdup. This results in a kernel crash when attempting to read from address 0x0000000000000000, as detected by KASAN. The vulnerability was resolved by adding a null-pointer check for platform_data. Siemens has identified this issue as affecting certain industrial networking products running SINEC OS, with a vendor fix available in version 3.1 or later. The CVSS 3.1 vector indicates network attack vector with high attack complexity, requiring no privileges and user interaction, with no impact to confidentiality, integrity, or availability in the scored configuration.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: NONE
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SINEC OS-based industrial networking infrastructure, including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices and RUGGEDCOM RST2428P switches. System administrators maintaining Linux-based embedded systems with lgdt3306a media drivers should also prioritize this update. Industrial control system operators following CISA guidance for critical infrastructure protection should review this advisory as part of vulnerability management programs.

Technical summary

The lgdt3306a kernel driver for LG Electronics LGDT3306A ATSC/QAM-B demodulator chips contains a null-pointer dereference vulnerability in its probe function. When an I2C client device is probed without providing platform_data, the driver passes a null pointer to kmemdup, triggering a kernel panic. The KASAN report shows a read of 40 bytes at address 0x0. The fix involves adding a validation check for platform_data before memory duplication. This vulnerability affects embedded Linux systems using the lgdt3306a driver, including specific Siemens industrial networking equipment running SINEC OS.
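
The probe pattern described above, as an added user-space model (not the driver's source): the unchecked copy beside the checked one. All `demo_*` names, the stand-in struct layouts and the returned error code are assumptions made for this example; `demo_memdup` stands in for `kmemdup`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in types for this example, not the kernel's definitions. */
struct demo_config { unsigned char raw[40]; }; /* 40 bytes, as in the KASAN read */
struct demo_client { const void *platform_data; };

/* User-space stand-in for kmemdup(): allocate len bytes and copy from src. */
void *demo_memdup(const void *src, size_t len)
{
    void *p = malloc(len);
    if (p)
        memcpy(p, src, len); /* reads src; a NULL src faults here */
    return p;
}

/* Pre-fix shape: platform_data goes to the copy unchecked. Not called below. */
int demo_probe_unchecked(const struct demo_client *c, struct demo_config **out)
{
    *out = demo_memdup(c->platform_data, sizeof(**out));
    return *out ? 0 : -ENOMEM;
}

/* Post-fix shape: reject a client that supplied no platform_data. */
int demo_probe_checked(const struct demo_client *c, struct demo_config **out)
{
    *out = NULL;
    if (!c->platform_data)
        return -EINVAL; /* error code chosen for this example */
    *out = demo_memdup(c->platform_data, sizeof(**out));
    return *out ? 0 : -ENOMEM;
}

int main(void)
{
    struct demo_config src, *cfg;
    struct demo_client missing = { NULL }, present = { &src };
    int rc;

    memset(&src, 0xAB, sizeof(src)); /* constructed sample data */
    rc = demo_probe_checked(&missing, &cfg);
    printf("no platform_data: rc=%d\n", rc);
    rc = demo_probe_checked(&present, &cfg);
    printf("with platform_data: rc=%d\n", rc);
    free(cfg);
    return 0;
}
```

With the check in place, a client that supplies no platform_data makes the probe fail with an error return instead of reaching the copy.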

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided updates to SINEC OS version 3.1 or later for affected Siemens industrial networking products
  • Review kernel driver configurations to ensure proper platform_data initialization for I2C devices
  • Monitor system logs for KASAN null-pointer dereference reports indicating potential exploitation attempts
  • Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments

Evidence notes

The vulnerability description includes a KASAN bug report showing a null-pointer dereference in kmemdup+0x30/0x40 during lgdt3306a_probe execution. The call trace confirms the issue originates from i2c_device_probe invoking lgdt3306a_probe, which then calls kmemdup without validating platform_data. Siemens ProductCERT advisory SSA-613116 provides the vendor remediation guidance. CISA advisory ICSA-25-226-15 republishes this information for industrial control systems. The source indicates one product (RUGGEDCOM RST2428P) is affected, while another product family (SCALANCE XCM-/XRM-/XCH-/XRH-300) is marked as 'Misinformed' in the impact assessment.

Official resources

2025-08-12