PatchSiren cyber security CVE debrief
CVE-2024-35835 Siemens CVE debrief
This CVE addresses a double-free vulnerability in the Linux kernel's Mellanox mlx5e driver, specifically within the `arfs_create_groups` function. A double-free occurs when memory is freed twice, potentially leading to memory corruption, system instability, or code execution. The vulnerability was resolved in the Linux kernel, and Siemens has assessed this as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and remove rejected CVEs. No CVSS score is currently available in the source data.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE X-family managed switches in critical infrastructure, manufacturing, or utility environments. Security teams responsible for OT/ICS asset management and patch coordination should prioritize review.
Technical summary
CVE-2024-35835 is a double-free vulnerability in the Linux kernel's Mellanox mlx5e Ethernet driver, specifically in the `arfs_create_groups` function. The double free occurs on an error-handling path, where the same memory can be freed twice and lead to memory corruption. This kernel-level issue affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families). Siemens notes that SINEC OS versions below 3.1 are unsupported for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family. The vulnerability has been resolved in the upstream Linux kernel.
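The error-path ownership mistake the summary describes, modelled in plain user-space C as an added example (this is not kernel code, not Siemens' code and not the upstream fix): a callee frees the groups array when a later allocation fails, the caller's teardown then frees it again, and clearing the pointer after the first free is what makes the teardown harmless. The allocator is instrumented so the second release is counted instead of executed; the `flow_table`, `create_groups`, `create_table` and `destroy_table` names are constructed stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Toy model of a flow table that owns a groups array; names only loosely echo
 * the mlx5e structures. Constructed example, not the kernel's code. */
struct flow_table { void **g; };

/* Instrumented free: a repeat release of an already-freed pointer is counted
 * instead of being passed to free() again (which would be undefined behaviour). */
static int double_free_count;
static uintptr_t released[8];
static int nreleased;

static void tracked_free(void *p) {
    if (!p) return;
    for (int i = 0; i < nreleased; i++)
        if (released[i] == (uintptr_t)p) { double_free_count++; return; }
    released[nreleased++] = (uintptr_t)p;
    free(p);
}

/* Callee: on a later allocation failure it frees ft->g itself; in the unhardened
 * variant the dangling pointer is left behind for the caller's cleanup to see. */
static int create_groups(struct flow_table *ft, bool hardened, bool fail_later) {
    ft->g = calloc(2, sizeof(*ft->g));
    if (!ft->g) return -1;
    if (fail_later) {                /* models a failed scratch-buffer allocation */
        tracked_free(ft->g);         /* first free */
        if (hardened) ft->g = NULL;  /* hardening: drop ownership, cleanup is a no-op */
        return -1;
    }
    return 0;
}

/* Caller's teardown runs on every error path and releases ft->g again. */
static void destroy_table(struct flow_table *ft) { tracked_free(ft->g); ft->g = NULL; }

static int create_table(struct flow_table *ft, bool hardened, bool fail_later) {
    int err = create_groups(ft, hardened, fail_later);
    if (err) destroy_table(ft);      /* second free in the unhardened variant */
    return err;
}

/* Runs one scenario; returns how many double frees the instrumented allocator saw. */
int count_double_frees(bool hardened, bool fail_later) {
    struct flow_table ft = { 0 };
    double_free_count = 0; nreleased = 0;
    if (create_table(&ft, hardened, fail_later) == 0) destroy_table(&ft);
    return double_free_count;
}
```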
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed affected product and patch information
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices; ensure version 3.1 or later is deployed as earlier versions are unsupported
- Apply vendor-provided firmware updates when available per Siemens guidance
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
- Follow defense-in-depth strategies for ICS environments as outlined in CISA guidance
Evidence notes
The vulnerability description indicates a resolved double-free in net/mlx5e driver. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product assessment. CISA's CSAF advisory ICSA-25-226-15 was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect corrections to affected products and removal of rejected CVEs. The threat assessment in the source marks impact as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-35835 CVE record (CVE.org)
- CVE-2024-35835 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12