PatchSiren cyber security CVE debrief
CVE-2024-26772 Siemens CVE debrief
A race condition in the Linux kernel ext4 filesystem block allocator could allow allocation from groups with corrupted block bitmaps. The vulnerability exists in ext4_mb_find_by_goal() where the check for a corrupted group block bitmap was not protected by the group lock, potentially permitting block allocation from corrupted groups. Siemens has assessed this vulnerability as 'Misinformed' for affected industrial networking products, indicating the reported impact does not apply to their specific product configurations. The vulnerability was originally resolved in the Linux kernel by moving the corruption check logic under the protection of the group lock.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial networking equipment should review this advisory. While Siemens has assessed the impact as 'Misinformed,' security teams in OT/ICS environments should verify their device firmware versions and follow vendor guidance. Linux kernel maintainers and distributions should ensure the upstream fix is applied.
Technical summary
The vulnerability is a race condition in the Linux kernel ext4 filesystem's multiblock allocator. Specifically, in ext4_mb_find_by_goal(), the check for whether a group's block bitmap is corrupted was not performed under the protection of the group lock. This timing window could allow the allocator to proceed with block allocation from a group whose block bitmap is corrupted. The fix places the corruption check logic under the protection of the group lock, ensuring that the check and subsequent allocation decision are atomic with respect to group state changes. Siemens has assessed this vulnerability as 'Misinformed' for their affected industrial networking products, indicating that the reported vulnerability characteristics do not apply to their specific implementations or configurations.
Defensive priority
low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for product-specific impact assessment
- Verify SINEC OS and SCALANCE/RUGGEDCOM device firmware versions against vendor guidance
- Apply vendor-provided patches or updates when available per Siemens security advisory
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor CISA ICS advisories for updates to ICSA-25-226-15
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-15. Siemens ProductCERT advisory SSA-613116 is the authoritative source. Siemens threat assessment categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0001, CSAFPID-0003, and CSAFPID-0004. The underlying Linux kernel vulnerability was resolved by placing the block bitmap corruption check under group lock protection in ext4_mb_find_by_goal().
Official resources
-
CVE-2024-26772 CVE record
CVE.org
-
CVE-2024-26772 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12