PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-52818 Siemens CVE debrief

A vulnerability in the Linux kernel's AMD GPU driver (drm/amd) for SMU7 could allow array-index-out-of-bounds access, potentially leading to undefined behavior or system instability. The issue was resolved with a kernel patch. Siemens has assessed this CVE as not affecting their RUGGEDCOM RST2428P and SCALANCE product families, marking it as 'Misinformed' in their security advisory.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations running Linux systems with AMD GPUs using the SMU7 driver should ensure kernel patches are applied. Users of Siemens RUGGEDCOM and SCALANCE industrial networking equipment can disregard this CVE per vendor assessment.

Technical summary

The vulnerability exists in the Linux kernel's Direct Rendering Manager (DRM) subsystem for AMD GPUs, specifically in the SMU7 (System Management Unit 7) driver code. An array-index-out-of-bounds condition was identified and resolved. UBSAN (Undefined Behavior Sanitizer) detected the issue, indicating potential undefined behavior that could lead to memory corruption or system instability. Siemens has determined that this CVE does not affect its industrial networking products (RUGGEDCOM RST2428P, SCALANCE families), classifying it as 'Misinformed' in its security advisory.

Defensive priority

low

Recommended defensive actions

  • Verify Linux kernel version on AMD GPU systems and apply vendor-provided kernel updates containing the drm/amd SMU7 fix
  • For Siemens RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, no action required per vendor assessment
  • Review CISA ICS recommended practices for industrial control system security posture
  • Monitor vendor security advisories for any reassessment of impact

Evidence notes

CVE published 2025-08-12. Siemens ProductCERT advisory SSA-613116 (via CISA ICSA-25-226-15) lists this CVE with 'Misinformed' impact for the affected product families, indicating the vulnerability does not actually affect these products. The underlying Linux kernel issue was resolved in the drm/amd SMU7 driver.
