PatchSiren cyber security CVE debrief

CVE-2024-26697 Siemens CVE debrief

A vulnerability in the Linux kernel's nilfs2 filesystem could cause data corruption during dsync block recovery when small block sizes are used. The issue has been resolved in the kernel. Siemens has assessed this CVE as 'Misinformed' for its affected industrial networking products, indicating the vulnerability does not apply to these systems as initially reported.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations running Linux systems with the nilfs2 filesystem on small block size configurations, and operators of Siemens industrial networking equipment previously listed as affected.

Technical summary

CVE-2024-26697 is a vulnerability in the Linux kernel's nilfs2 (NILFS2 log-structured filesystem) that could result in data corruption during dsync block recovery when small block sizes are used. The vulnerability was resolved in the Linux kernel. Siemens ProductCERT has assessed this CVE as 'Misinformed' for its RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family products, indicating the vulnerability does not actually affect these systems as initially reported. The CISA advisory was republished on February 25, 2026 based on updated Siemens guidance.

Defensive priority

Low

Recommended defensive actions

  • Verify that the nilfs2 filesystem is not in use on systems running Linux kernel versions prior to the fix
  • Review Siemens ProductCERT advisory SSA-613116 for the current product impact assessment
  • Apply kernel updates from your Linux distribution vendor if the nilfs2 filesystem is required
  • Monitor CISA ICS advisories for any future changes to the impact assessment

Evidence notes

The CISA CSAF advisory ICSA-25-226-15, republished on 2026-02-25 based on Siemens ProductCERT SSA-613116, lists this CVE with threat category 'impact' and details 'Misinformed' for product IDs CSAFPID-0001, CSAFPID-0004, and CSAFPID-0003. The original Linux kernel fix addressed data corruption in nilfs2 dsync block recovery for small block sizes. The Siemens revision history shows corrections to the affected products list and removal of rejected CVEs in subsequent updates.
