PatchSiren cyber security CVE debrief
CVE-2024-26920 Siemens CVE debrief
A vulnerability in the Linux kernel's tracing/trigger subsystem could allow a local attacker to cause a denial of service condition. The issue stems from improper error handling when allocating snapshot memory in the tracing trigger functionality. Specifically, when snapshot allocation fails, the code did not properly return an error code, potentially leading to undefined behavior or system instability. This affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that utilize the GNU/Linux subsystem. The vulnerability requires local access and low privileges to exploit, with no user interaction needed. While no confidentiality or integrity impact occurs, successful exploitation results in high availability impact. Siemens has not released a patch for this vulnerability; mitigation relies on restricting access to trusted personnel and ensuring only applications from trusted sources are executed on affected systems.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with GNU/Linux subsystem, OT security teams, Linux kernel maintainers for embedded/ICS deployments, and organizations following CISA ICS security guidance.
Technical summary
The Linux kernel's tracing/trigger subsystem contains an error handling defect where snapshot allocation failures do not return proper error codes. Located in kernel/tracing code, this vulnerability triggers when memory allocation for tracing snapshots fails, causing the function to proceed without indicating failure to callers. The flaw requires local access with low privileges and results in high availability impact. Affected systems include Siemens SIMATIC S7-1500 TM MFP with GNU/Linux subsystem. No patch is currently available; mitigations focus on access restriction and trusted application execution.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Execute only applications from trusted sources on affected systems
- Monitor for anomalous local process behavior or unexpected tracing subsystem errors
- Apply vendor patches when released by Siemens
- Review CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2024-04-09 per official CVE record. CISA advisory ICSA-24-102-01 published same date. Modified 2026-05-14. Source confirms affected product as SIMATIC S7-1500 TM MFP GNU/Linux subsystem. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with availability impact only.
Official resources
-
CVE-2024-26920 CVE record
CVE.org
-
CVE-2024-26920 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09