PatchSiren

CVE-2024-35813 Siemens CVE debrief

A vulnerability in the Linux kernel's MMC (MultiMediaCard) core subsystem could allow a local attacker to cause a denial of service condition. The flaw exists in the close-ended FFU (Field Firmware Update) code path where an array access using `prev_idata = idatas[i - 1]` occurs without validating that the iterator `i` is greater than zero. This missing bounds check could result in a negative array index access. The vulnerability was introduced in commit 4d0c8d0aef63 (mmc: core: Use mrq.sbc in close-ended ffu). Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control system. No patch is currently available from the vendor.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with the GNU/Linux subsystem enabled, industrial control system operators, OT security teams, and Linux kernel maintainers deploying MMC/SD card support in embedded or industrial environments.

Technical summary

The vulnerability is an off-by-one style bounds checking issue in the Linux kernel's MMC core subsystem. When processing close-ended FFU operations, the code assigns `prev_idata = idatas[i - 1]` without first verifying that `i > 0`. On the first iteration, where `i == 0`, this accesses `idatas[-1]`, the slot before the start of the array. That is undefined behavior in C and an out-of-bounds memory access. It can lead to kernel crashes or memory corruption, resulting in denial of service. The fix adds a simple bounds check before the array access.
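The unchecked access next to its bounds-checked form, as an added example that is a simplified user-space model and not the kernel's source. `idatas`, `prev_idata` and `i` come from the description above; `struct ioc_data`, `FLAG_SBC`, the helper names and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins; not the kernel's definitions. */
#define FLAG_SBC 0x1u              /* entry wants the previous entry attached */

struct ioc_data {
    unsigned int flags;
    int id;
};

/* Unchecked pattern from the debrief: assumes i >= 1 whenever the flag is set. */
static struct ioc_data *prev_unchecked(struct ioc_data **idatas, int i)
{
    struct ioc_data *prev_idata = NULL;

    if (idatas[i]->flags & FLAG_SBC)
        prev_idata = idatas[i - 1];   /* i == 0 reads idatas[-1] */
    return prev_idata;
}

/* Hardened pattern: the flag is honoured only when a previous entry exists. */
static struct ioc_data *prev_checked(struct ioc_data **idatas, int i)
{
    struct ioc_data *prev_idata = NULL;

    if ((idatas[i]->flags & FLAG_SBC) && i > 0)
        prev_idata = idatas[i - 1];
    return prev_idata;
}

/* Constructed sample data: slots[0] is a guard entry that is NOT part of the
 * batch; the batch handed to the helpers starts at slots[1]. Keeping the
 * guard in the same array makes the idatas[-1] read well-defined here, so
 * the effect can be observed without undefined behaviour. */
static struct ioc_data guard  = { 0, -1 };
static struct ioc_data first  = { FLAG_SBC, 10 };  /* flag set on entry 0 */
static struct ioc_data second = { FLAG_SBC, 11 };
static struct ioc_data *slots[3] = { &guard, &first, &second };
static struct ioc_data **batch = &slots[1];

int main(void)
{
    struct ioc_data *p = prev_unchecked(batch, 0);
    printf("unchecked i=0 -> id %d (outside the batch)\n", p->id);
    printf("checked   i=0 -> %s\n", prev_checked(batch, 0) ? "entry" : "NULL");
    printf("checked   i=1 -> id %d\n", prev_checked(batch, 1)->id);
    return 0;
}
```

In a real caller nothing guarantees what sits before the array, which is why the unchecked read can crash or corrupt state instead of returning a harmless guard entry.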

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for vendor security updates from Siemens
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance

Evidence notes

The vulnerability description is sourced from the Linux kernel commit message and CISA ICS advisory ICSA-24-102-01. The affected product identification comes from the CSAF product tree with high confidence. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, low privileges required, and high availability impact.
