PatchSiren cyber security CVE debrief
CVE-2024-27076 Siemens CVE debrief
CVE-2024-27076 is a memory leak vulnerability in the Linux kernel's media subsystem, specifically within the i.MX CSC/scaler driver. The issue occurs when memory allocated via v4l2_ctrl_handler_init is not properly freed on release, leading to resource exhaustion over time. This vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that utilize the GNU/Linux subsystem. The CVSS 3.1 score of 8.8 (HIGH) reflects network attack vector, low attack complexity, no privileges required, user interaction required, and high impacts to confidentiality, integrity, and availability. The vulnerability was published on April 9, 2024, and the advisory has been updated multiple times through September 2025 to include additional related CVEs. No patch is currently available from the vendor.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with GNU/Linux subsystems, OT security teams, and organizations running Linux-based embedded systems with i.MX media processing capabilities.
Technical summary
The vulnerability exists in the Linux kernel's media subsystem, specifically the i.MX CSC (Color Space Converter) and scaler driver. The v4l2_ctrl_handler_init function allocates memory that is not properly freed when the control handler is released, resulting in a memory leak. On affected Siemens SIMATIC S7-1500 TM MFP systems with GNU/Linux subsystems, repeated operations involving video processing could lead to gradual memory exhaustion, potentially causing denial of service conditions. The attack requires user interaction but can be triggered remotely over the network.
Defensive priority
HIGH
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run only applications from trusted sources
- Monitor for anomalous resource consumption patterns that may indicate memory exhaustion
- Apply kernel updates from Siemens when available
- Implement network segmentation to limit exposure of affected industrial control systems
Evidence notes
Vulnerability confirmed in CISA ICS advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. Memory leak specifically identified in v4l2_ctrl_handler_init allocation path in Linux kernel media: imx: csc/scaler component.
Official resources
-
CVE-2024-27076 CVE record
CVE.org
-
CVE-2024-27076 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09