PatchSiren cyber security CVE debrief
CVE-2024-26704 Siemens CVE debrief
A double-free vulnerability in the Linux kernel's ext4 filesystem driver, specifically in its extent handling code, has been identified and resolved. The flaw is caused by incorrect tracking of moved_len during extent move operations, which can lead to the same blocks being freed twice. It affects Siemens industrial networking products that ship the vulnerable Linux kernel version, including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The issue was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, to correct the affected product listings and remove rejected CVEs. The vulnerability has been addressed through kernel patches that correct the moved_len calculation so that blocks cannot be freed twice.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches. System administrators responsible for maintaining SINEC OS deployments in industrial control environments. Security teams monitoring Linux kernel vulnerabilities affecting embedded and industrial systems. Asset owners requiring filesystem integrity assurance in critical infrastructure applications.
Technical summary
The vulnerability exists in the Linux kernel's ext4 filesystem implementation, specifically in the extent manipulation code path. When handling extent movements, an incorrect value in the moved_len field can cause the same disk blocks to be marked for deallocation twice, resulting in a double-free memory corruption condition. This flaw can lead to filesystem corruption, potential data loss, or system instability. The affected code path is triggered during specific filesystem operations involving extent reorganization. Siemens industrial networking products incorporating the vulnerable kernel version are exposed to this risk, necessitating firmware updates to remediate the underlying kernel defect.
Defensive priority
high
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM devices as specified in Siemens ProductCERT advisory SSA-613116
- Verify SINEC OS version and ensure deployment of kernel patches addressing the ext4 extent handling flaw
- Review filesystem integrity on affected systems that may have encountered the vulnerable code path
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Monitor vendor security advisories for additional product-specific guidance
Evidence notes
The vulnerability description indicates a double-free condition in ext4 extent handling due to incorrect moved_len tracking. The source advisory (ICSA-25-226-15) underwent multiple revisions: initial publication (2025-08-12), correction of affected products (2026-02-12), removal of rejected CVEs and unsupported version notes (2026-02-24), and final republication based on Siemens SSA-613116 (2026-02-25). The threat assessment categorizes impact as 'Misinformed' for affected product IDs. Siemens ProductCERT advisory SSA-613116 provides authoritative vendor guidance.
Official resources
- CVE-2024-26704 CVE record (CVE.org)
- CVE-2024-26704 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12