PatchSiren cyber security CVE debrief
CVE-2024-35247 Siemens CVE debrief
CVE-2024-35247 is a Linux kernel vulnerability in the FPGA region subsystem that could lead to a null pointer dereference during FPGA programming operations. The issue stems from the fpga region implementation assuming that low-level modules register a driver for the parent device and use its owner pointer for module reference counting. When the parent device lacks a driver, this assumption fails, potentially causing system instability during region acquisition for programming. The vulnerability was resolved by adding an explicit module owner pointer to the fpga_region structure and modifying registration functions to properly handle module reference counting. Siemens has identified this vulnerability as affecting certain industrial networking products, with a vendor fix available requiring update to version 3.1 or later.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- NONE
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial networking equipment; industrial control system operators utilizing FPGA-based programmable logic; Linux kernel maintainers and embedded systems developers working with FPGA subsystems
Technical summary
The vulnerability exists in the Linux kernel's FPGA region management code where the fpga_region structure relies on the parent device's driver owner pointer for module reference counting. When no driver is registered for the parent device, attempting to acquire the region during FPGA programming triggers a null pointer dereference. The resolution adds an explicit 'owner' field to fpga_region, modifies registration functions to accept an owner module parameter, and provides compatibility macros to maintain existing driver interfaces. This ensures proper reference counting regardless of parent device driver state.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens SCALANCE and RUGGEDCOM devices to version 3.1 or later as specified in vendor advisory
- Review FPGA programming workflows in affected industrial control systems for potential stability risks prior to patching
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Monitor vendor security advisories for additional affected products or updated remediation guidance
Evidence notes
The vulnerability description indicates a null pointer dereference risk in the Linux kernel's FPGA region subsystem when parent devices lack registered drivers. The fix involves architectural changes to module reference counting through explicit owner pointers. Siemens ProductCERT advisory SSA-613116 provides affected product information and remediation guidance. CISA published advisory ICSA-25-226-15 on 2025-08-12 with subsequent updates through 2026-02-25.
Official resources
-
CVE-2024-35247 CVE record
CVE.org
-
CVE-2024-35247 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12