PatchSiren cyber security CVE debrief
CVE-2024-26900 Siemens CVE debrief
A memory leak vulnerability exists in the Linux kernel's Multiple Device (md) driver subsystem. When the kobject_add() call inside bind_rdev_to_array() fails, the rdev->serial allocation made earlier on that path is never freed, a leak that kmemleak reports. The vulnerability was resolved in the Linux kernel with a fix for the memory leak of rdev->serial. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, with a vendor fix available by updating to version 3.1 or later. The CVSS 3.1 vector indicates a network attack vector with high attack complexity, requiring no privileges but user interaction, with no impact to confidentiality, integrity, or availability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: NONE
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
System administrators managing Siemens industrial networking equipment running SINEC OS, particularly RUGGEDCOM and SCALANCE product families. Organizations utilizing Linux-based RAID configurations with mdadm in industrial environments. Security teams responsible for vulnerability management in operational technology (OT) environments. CISOs and risk managers overseeing industrial control system security postures.
Technical summary
The vulnerability exists in the Linux kernel's Multiple Device (md) driver, specifically in the bind_rdev_to_array() function. When kobject_add() fails, the previously allocated rdev->serial memory is not freed, causing a kernel memory leak detectable by kmemleak. The kmemleak backtrace shows the allocation made in rdev_init_serial(), reached through mddev_create_serial_pool() from bind_rdev_to_array(); the leak is triggered during mdadm operations via md_ioctl() → md_add_new_disk(). Siemens has confirmed this affects SINEC OS-based products including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The vendor fix requires updating to SINEC OS V3.1 or later.
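The failure-path pattern behind this CVE, shown as an added illustration that is not the kernel's md code: a simplified model in which a per-device serial buffer is allocated first and a later step (a stand-in for kobject_add()) fails. The names bind_rdev_buggy, bind_rdev_fixed, init_serial, fake_kobject_add and leaked_after, the struct layout and the allocation counter are all invented for this example; the counter plays the role kmemleak plays on a real system.

```c
/* Simplified model of the bind_rdev_to_array() error path (hypothetical
 * names; not the Linux kernel's code). Shows the leaking shape beside the
 * corrected one. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Allocation bookkeeping standing in for kmemleak: counts live buffers. */
static int live_allocs = 0;

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { live_allocs--; free(p); }
}

/* Minimal stand-in for the kernel's md_rdev; only the serial pointer matters. */
struct md_rdev {
    void *serial;   /* per-device serial pool, allocated while binding */
};

/* Stand-in for kobject_add(): fails on request so the error path runs. */
static int fake_kobject_add(int should_fail) {
    return should_fail ? -ENOMEM : 0;
}

/* Stand-in for rdev_init_serial(): allocates rdev->serial. */
static int init_serial(struct md_rdev *rdev) {
    rdev->serial = tracked_alloc(64);
    return rdev->serial ? 0 : -ENOMEM;
}

/* Leaking shape: a later failure returns without undoing the earlier
 * allocation, so rdev->serial is orphaned. */
static int bind_rdev_buggy(struct md_rdev *rdev, int kobj_fails) {
    int err = init_serial(rdev);
    if (err) return err;
    err = fake_kobject_add(kobj_fails);
    if (err)
        return err;          /* BUG: rdev->serial is never freed here */
    return 0;
}

/* Corrected shape: every failure after the allocation unwinds it. */
static int bind_rdev_fixed(struct md_rdev *rdev, int kobj_fails) {
    int err = init_serial(rdev);
    if (err) return err;
    err = fake_kobject_add(kobj_fails);
    if (err)
        goto fail_serial;
    return 0;
fail_serial:
    tracked_free(rdev->serial);
    rdev->serial = NULL;
    return err;
}

/* Run one bind attempt and report how many buffers are still live after it
 * (0 means no leak). A successful bind is unbound normally; a failed bind
 * should have left nothing behind. Any residue is released afterwards so
 * the harness itself does not leak. */
static int leaked_after(int (*bind)(struct md_rdev *, int), int kobj_fails) {
    struct md_rdev rdev = { 0 };
    int leaked;
    live_allocs = 0;
    if (bind(&rdev, kobj_fails) == 0) {
        tracked_free(rdev.serial);   /* normal unbind releases the pool */
        rdev.serial = NULL;
    }
    leaked = live_allocs;            /* what kmemleak would report */
    tracked_free(rdev.serial);       /* clean up the orphaned buffer, if any */
    return leaked;
}

int main(void) {
    printf("kobject_add fails, buggy bind:  %d leaked\n", leaked_after(bind_rdev_buggy, 1));
    printf("kobject_add fails, fixed bind:  %d leaked\n", leaked_after(bind_rdev_fixed, 1));
    printf("kobject_add ok,    buggy bind:  %d leaked\n", leaked_after(bind_rdev_buggy, 0));
    return 0;
}
```

The point the model makes is that the leak only shows on the failure path: with kobject_add() succeeding both versions are clean, which is why the bug can sit unnoticed until an mdadm operation hits an error and kmemleak flags the orphaned rdev->serial.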
Defensive priority
low
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS version 3.1 or later for affected Siemens industrial networking products
- Monitor kernel memory usage on systems utilizing Linux md RAID functionality
- Review system logs for mdadm-related errors that may indicate failed kobject_add() operations
- Implement defense-in-depth strategies for industrial control systems per CISA guidance
Evidence notes
The vulnerability description indicates a kernel memory leak in the md driver when kobject_add() fails in bind_rdev_to_array(), leaving rdev->serial allocated but unfreed. The kmemleak backtrace shows allocation through rdev_init_serial() → mddev_create_serial_pool() → bind_rdev_to_array(). Siemens ProductCERT advisory SSA-613116 (republished by CISA as ICSA-25-226-15) identifies affected products and provides remediation guidance. The CVSS 3.1 score of 0.0 (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N) indicates negligible security impact.
Official resources
- CVE-2024-26900 CVE record (CVE.org)
- CVE-2024-26900 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12