PatchSiren cyber security CVE debrief

CVE-2024-35933 Siemens CVE debrief

A null pointer dereference vulnerability exists in the Linux kernel's Bluetooth Intel driver (btintel). The flaw occurs in the btintel_read_version function, which can dereference a null pointer under certain conditions, leading to a kernel crash and denial of service. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users on the affected system.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled, as well as any Linux systems with Intel Bluetooth hardware utilizing the vulnerable btintel driver. System administrators responsible for industrial control system security and availability should prioritize access controls given the current lack of available patches.

Technical summary

The btintel_read_version function in the Linux kernel's Bluetooth Intel driver fails to properly validate pointer references before dereferencing, resulting in a null pointer dereference condition. This flaw can be triggered by local users with low privileges, causing kernel panic and system unavailability. The vulnerability affects systems utilizing Intel Bluetooth hardware with the btintel driver, including the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial controllers.

Defensive priority

medium

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for kernel crashes or unexpected Bluetooth subsystem failures that may indicate exploitation attempts
  • Apply vendor patches once they become available; the advisory currently indicates no fix is available
  • Implement defense-in-depth strategies for industrial control systems per CISA guidance
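
For the monitoring recommendation above, one way to triage kernel logs is to pick out NULL pointer dereference oopses whose trace names the btintel driver. This is an added example, not code from the advisory or from Siemens; the sample log lines are constructed and the name find_btintel_oopses is hypothetical. On a real system the input would be the kernel log text (for example the output of dmesg or journalctl -k).

```python
import re

# Constructed sample kernel log (not from a real system). The oops headers use
# the wording the Linux kernel prints on x86 and on arm64.
SAMPLE_LOG = """\
[  101.200417] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.200502] RIP: 0010:btintel_read_version+0x5c/0xb0 [btintel]
[  101.200633] Call Trace:
[  101.200701]  btintel_read_version+0x5c/0xb0 [btintel]
[  101.200950] ---[ end trace 0000000000000000 ]---
[  230.000100] usb 1-1: new full-speed USB device number 4 using xhci_hcd
[  412.310000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  412.310090] RIP: 0010:example_other_driver+0x12/0x40 [example]
[  412.310200] ---[ end trace 0000000000000000 ]---
[  500.000000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  500.000100] pc : btintel_read_version+0x48/0x90 [btintel]
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference"
                        r"|Unable to handle kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
TIMESTAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")
FRAME = re.compile(r"\bbtintel_\w+")  # any symbol from the btintel driver


def find_btintel_oopses(log_text):
    """Return [(timestamp, [btintel symbols])] for each NULL-deref oops naming btintel."""
    hits, current = [], None

    def flush():
        # Report the oops being tracked only if its trace named a btintel symbol.
        if current and current["frames"]:
            hits.append((current["ts"], current["frames"]))

    for line in log_text.splitlines():
        if OOPS_START.search(line):
            flush()  # previous oops was cut off without an end marker
            ts = TIMESTAMP.match(line)
            current = {"ts": ts.group(1) if ts else None, "frames": []}
        elif current is not None:
            m = FRAME.search(line)
            if m and m.group(0) not in current["frames"]:
                current["frames"].append(m.group(0))
            if OOPS_END.search(line):
                flush()
                current = None
    flush()  # log may end mid-oops, e.g. when the system went down
    return hits


if __name__ == "__main__":
    for ts, frames in find_btintel_oopses(SAMPLE_LOG):
        print(f"t={ts}s NULL deref in btintel: {', '.join(frames)}")
```

The unrelated oops at 412.310000 is skipped, and the last oop is still reported even though the log ends before its end-of-trace marker.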

Evidence notes

The vulnerability description indicates this is a null pointer dereference fix in the btintel_read_version function within the Linux kernel Bluetooth subsystem. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with low attack complexity and low privileges required, resulting in high availability impact. The source advisory (ICSA-24-102-01) from CISA provides official government-sourced confirmation of this vulnerability affecting Siemens industrial control products.
