PatchSiren cyber security CVE debrief
CVE-2024-35823 Siemens CVE debrief
CVE-2024-35823 is a memory corruption vulnerability in the Linux kernel's virtual terminal (vt) subsystem, specifically affecting the unicode buffer when deleting characters. The issue stems from improper use of memcpy() with overlapping buffers, which can lead to buffer corruption. This is the same class of vulnerability previously fixed for the VGA text buffer in kernel commit 39cdb68c64d8. The resolution involves replacing memcpy() with memmove() to properly handle overlapping memory regions. The vulnerability has been identified as affecting Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem. CISA published advisory ICSA-24-102-01 on April 9, 2024, with subsequent updates through September 2025 adding additional related CVEs. As of the source publication, no patch is available for the affected Siemens product, and mitigations focus on restricting access to trusted personnel and ensuring only trusted applications are executed.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled; industrial control system operators utilizing Linux-based terminals; security teams responsible for OT/ICS infrastructure patch management
Technical summary
The vulnerability exists in the Linux kernel's virtual terminal (vt) driver when handling unicode character deletion. The code incorrectly uses memcpy() to shift buffer contents, which produces undefined behavior when source and destination regions overlap. This results in corrupted unicode buffer state. The fix pattern is well-established: replace memcpy() with memmove(), which correctly handles overlapping memory regions. This same vulnerability class was previously identified and remediated for the VGA text buffer in kernel commit 39cdb68c64d8.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for future Siemens security advisories (SSA-265688) for patch availability
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Review and implement ICS-CERT recommended practices for control system security
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-102-01. The issue is a known Linux kernel vt subsystem bug with established fix pattern (memcpy to memmove replacement). Siemens product impact confirmed through CSAF product tree. No known exploitation in the wild per available sources.
Official resources
-
CVE-2024-35823 CVE record
CVE.org
-
CVE-2024-35823 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public