PatchSiren cyber security CVE debrief
CVE-2023-52504 Siemens CVE debrief
CVE-2023-52504 is a Linux kernel vulnerability affecting the x86/alternatives subsystem. The issue was resolved by disabling Kernel Address Sanitizer (KASAN) in the apply_alternatives() function. KASAN is a dynamic memory error detector for the Linux kernel; when active during alternative instruction patching, it could interfere with the low-level code modification process that occurs during early boot or module loading. The vulnerability was published on August 12, 2025, with subsequent modifications through February 25, 2026. Siemens has identified this CVE as affecting industrial networking products including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The CISA advisory ICSA-25-226-15, republished on February 25, 2026, incorporates updates from Siemens ProductCERT advisory SSA-613116. Notably, the threat assessment in the source material categorizes the impact as 'Misinformed' for the affected product IDs, suggesting potential discrepancies in initial severity assessment or affected version identification. The advisory history indicates iterative corrections, including the removal of rejected CVEs and clarification that no SINEC OS versions below 3.1 are supported for certain SCALANCE families.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE X-family switches and RUGGEDCOM devices, particularly those in critical infrastructure sectors. System administrators responsible for firmware maintenance on OT/ICS networks should prioritize vendor guidance.
Technical summary
The vulnerability exists in the Linux kernel's x86 alternative instruction patching mechanism. The apply_alternatives() function performs runtime code modification to patch alternative instructions based on CPU capabilities. When Kernel Address Sanitizer (KASAN) is enabled, its instrumentation can interfere with this low-level code patching process. The resolution disables KASAN specifically within apply_alternatives() to prevent such interference. This is a defensive hardening measure rather than an exploitable memory safety vulnerability in the traditional sense.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Verify SINEC OS version on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family devices
- Apply vendor-provided firmware updates when available
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Evidence notes
The vulnerability description indicates a kernel-level fix in x86/alternatives. The source CSAF document from CISA (ICSA-25-226-15) references Siemens ProductCERT advisory SSA-613116. The threat category 'Misinformed' in the source data suggests the initial impact assessment may have been incorrect. Revision history shows multiple updates correcting affected product lists and removing rejected CVEs.
Official resources
-
CVE-2023-52504 CVE record
CVE.org
-
CVE-2023-52504 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12