PatchSiren cyber security CVE debrief
CVE-2024-27078 Siemens CVE debrief
CVE-2024-27078 is a memory leak vulnerability in the Linux kernel's Video4Linux2 Test Pattern Generator (v4l2-tpg) subsystem. The flaw exists in the `tpg_alloc` function where resources allocated within `for` loops are not properly deallocated in error-handling paths. Since `tpg_free` is only called when `tpg_alloc` returns 0, any error path before successful completion results in resource leaks. This vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. The CVSS 3.1 score of 8.8 (HIGH) reflects network attack vector, low attack complexity, no privileges required, and high impacts to confidentiality, integrity, and availability—though user interaction is required. CISA published this advisory on April 9, 2024, with multiple updates through September 2025 adding related CVEs. No patch is currently available from Siemens.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Operators of Siemens SIMATIC S7-1500 TM MFP systems utilizing the GNU/Linux subsystem; industrial control system security teams; OT/ICS asset owners with embedded Linux environments; organizations implementing defense-in-depth for critical manufacturing infrastructure
Technical summary
The vulnerability resides in `tpg_alloc()` within `drivers/media/common/v4l2-tpg/v4l2-tpg-core.c`. Resources allocated in iterative loops lack proper cleanup on error paths, causing memory leaks. The function only invokes `tpg_free()` on successful return (0), leaving allocated structures unreachable on any failure branch. This affects the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP, an industrial PC module with embedded Linux capabilities. Attack surface is limited to contexts where the v4l2-tpg module can be triggered, but successful exploitation contributes to memory exhaustion and potential denial of service.
Defensive priority
HIGH
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run only applications from trusted sources
- Monitor for anomalous memory consumption patterns in affected systems
- Apply defense-in-depth controls per CISA ICS recommended practices
- Subscribe to Siemens ProductCERT notifications for patch availability
Evidence notes
Vulnerability confirmed through CISA ICS advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. The issue is rooted in Linux kernel media subsystem code (v4l2-tpg), affecting embedded GNU/Linux environments on industrial control hardware. CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates significant risk despite required user interaction.
Official resources
-
CVE-2024-27078 CVE record
CVE.org
-
CVE-2024-27078 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09