PatchSiren cyber security CVE debrief
CVE-2024-26722 Siemens CVE debrief
A deadlock vulnerability in the Linux kernel's ASoC (ALSA System on Chip) rt5645 audio codec driver has been identified and resolved. The vulnerability exists in the `rt5645_jack_detect_work()` function, where improper locking behavior could cause a deadlock condition. This affects Siemens industrial networking products that incorporate the vulnerable kernel component, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The vulnerability was disclosed in CISA advisory ICSA-25-226-15, which was subsequently updated multiple times to correct affected product listings and incorporate the latest vendor guidance from Siemens ProductCERT. The issue has been resolved in the upstream Linux kernel. Organizations should apply vendor-provided updates and follow defense-in-depth practices for industrial control systems.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family industrial Ethernet switches (XC-300, XR-300, XC-400, XR-500WG, XR-500, XCM, XRM, XCH, XRH-300 families) or RUGGEDCOM RST2428P devices in industrial control system environments. OT security teams, network engineers managing industrial infrastructure, and compliance personnel responsible for ICS patch management should prioritize verification of device firmware status against vendor guidance.
Technical summary
The vulnerability is a deadlock condition in the `rt5645_jack_detect_work()` function within the Linux kernel's ASoC rt5645 audio codec driver. Deadlocks in kernel workqueue functions can cause system hangs or unresponsiveness, potentially impacting availability of affected industrial networking equipment. The fix involves correcting the locking behavior in the jack detection work handler. This vulnerability affects Siemens industrial Ethernet switches that utilize the rt5645 codec in their hardware design and run SINEC OS, which is based on the Linux kernel. The CISA advisory indicates the impact assessment was categorized as 'Misinformed' in the source threat data, suggesting initial uncertainty or correction in severity assessment. Multiple advisory revisions (February 2026) corrected the affected product list and removed rejected CVEs, indicating active vendor coordination in the disclosure process.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM devices as specified in Siemens ProductCERT advisory SSA-613116
- Verify SINEC OS version and ensure deployment of supported versions (3.1 or later for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family)
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Follow CISA ICS recommended practices for defense-in-depth security architecture
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-15
Evidence notes
The vulnerability description indicates a resolved deadlock in the Linux kernel's ASoC rt5645 driver. The CISA CSAF advisory ICSA-25-226-15 was initially published on 2025-08-12 and subsequently modified on 2026-02-12, 2026-02-24, and 2026-02-25 to correct product listings and align with Siemens ProductCERT advisory SSA-613116. The threat assessment in the source material categorizes impact as 'Misinformed' for affected product IDs. No CVSS score is available in the provided source corpus. The advisory revision history confirms this is a republication based on Siemens ProductCERT guidance.
Official resources
- CVE-2024-26722 CVE record (CVE.org)
- CVE-2024-26722 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12