PatchSiren cyber security CVE debrief
CVE-2024-26793 Siemens CVE debrief
This CVE addresses a use-after-free and null-pointer dereference vulnerability in the Linux kernel's GTP (GPRS Tunneling Protocol) driver, specifically within the gtp_newlink() function. The flaw is a memory safety issue that has been resolved in the Linux kernel and could potentially lead to system instability or privilege escalation. The CISA CSAF advisory ICSA-25-226-15, published 2025-08-12 and last modified 2026-02-25, covers this CVE for Siemens industrial networking products. Notably, the advisory's threat assessment categorizes the impact as 'Misinformed' for the affected product IDs, suggesting potential clarification or correction of earlier impact assessments. Siemens ProductCERT advisory SSA-613116 provides the primary vendor guidance. The 2026-02-25 revision represents a CISA republication based on updated Siemens guidance, following earlier corrections to affected product listings in February 2026.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial networking equipment. Telecommunications providers and industrial operators using Linux-based systems with GTP tunneling capabilities. Security teams responsible for industrial control system infrastructure and kernel-level vulnerability management.
Technical summary
The vulnerability exists in the Linux kernel's GTP (GPRS Tunneling Protocol) implementation, specifically in the gtp_newlink() function used during network interface creation. The flaw involves both use-after-free and null-pointer dereference conditions, indicating improper memory management during object lifecycle handling. The GTP driver is used in telecommunications and industrial networking contexts for tunneling GPRS and UMTS traffic over IP networks. The kernel-level nature of this vulnerability means exploitation could affect system stability and potentially enable privilege escalation. Siemens has identified this as affecting certain SCALANCE and RUGGEDCOM industrial networking products that utilize the vulnerable kernel code. The 'Misinformed' threat categorization in the CSAF data suggests advisory updates have clarified the actual security impact versus initial assessments.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for specific patch availability and version guidance for SCALANCE and RUGGEDCOM product families
- Verify kernel version on affected Siemens devices and apply vendor-provided updates when available
- Monitor CISA ICS advisories for additional guidance on industrial control system implementations
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
CVE description indicates kernel-level memory safety flaw in GTP networking subsystem. CISA CSAF advisory ICSA-25-226-15 published 2025-08-12, modified 2026-02-25. Threat category 'Misinformed' per CSAF threats field. Revision history shows product list corrections on 2026-02-12, CVE removal on 2026-02-24, and republication on 2026-02-25.
Official resources
- CVE-2024-26793 CVE record (CVE.org)
- CVE-2024-26793 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12