PatchSiren cyber security CVE debrief
CVE-2024-26937 Siemens CVE debrief
A vulnerability in the Linux kernel's Intel i915 graphics driver (drm/i915/gt) could allow a local attacker to cause a denial of service condition. The issue stems from improper state management where the queue_priority_hint is not reset when the GPU engine is parked, potentially leading to priority inheritance problems or scheduler misbehavior. The vulnerability was resolved by resetting queue_priority_hint on parking. Siemens has identified this as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control device. No patch is currently available from Siemens; mitigation relies on restricting access to trusted personnel and running only trusted applications.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP programmable logic controllers with the GNU/Linux subsystem enabled, particularly in industrial automation, manufacturing, and critical infrastructure environments where device availability is essential. Security teams responsible for OT/ICS asset protection and patch management should prioritize monitoring and access controls.
Technical summary
The vulnerability exists in the Intel i915 graphics driver's GPU scheduling code (drm/i915/gt). When a GPU engine is parked (transitioned to idle state), the queue_priority_hint field is not properly reset. This can cause the scheduler to operate with stale priority hints, potentially leading to priority inversion, scheduling deadlocks, or other scheduler malfunctions that result in denial of service. The fix ensures queue_priority_hint is reset during the parking operation. The CVSS 3.1 score of 5.5 (Medium) reflects local attack requirements with high availability impact but no confidentiality or integrity impact.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Implement application whitelisting to ensure only trusted, verified applications execute on the GNU/Linux subsystem
- Monitor for anomalous process behavior or scheduler-related errors in system logs that may indicate exploitation attempts
- Establish compensating controls such as network segmentation to limit lateral movement if the device is compromised
- Subscribe to Siemens ProductCERT security advisories for notification when a patch becomes available
Evidence notes
The vulnerability description indicates a resolved Linux kernel issue in the drm/i915/gt driver component. Siemens CSAF data confirms affected product as SIMATIC S7-1500 TM MFP GNU/Linux subsystem with no fix available. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, low privileges required, no user interaction, and high availability impact.
Official resources
- CVE-2024-26937 CVE record (CVE.org)
- CVE-2024-26937 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)