PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-35934 Siemens CVE debrief

CVE-2024-35934 is a LOW severity vulnerability (CVSS 3.1: 2.5) in the Linux kernel's Shared Memory Communications (SMC) subsystem, specifically in the `smc_pnet_create_pnetids_list()` function. The issue involves excessive rtnl (rtnetlink) lock pressure that could lead to localized denial of service conditions. The vulnerability was published on April 9, 2024, and affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem component. No fix is currently available from the vendor. The attack requires local access with low privileges, high attack complexity, and results in low availability impact with no confidentiality or integrity effects.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: LOW 2.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled should assess their exposure. System administrators responsible for OT/ICS environments, particularly those in manufacturing, process control, and critical infrastructure sectors using affected Siemens products, should implement the recommended access controls. Because no fix is available, security teams managing industrial control system networks should track this issue in their vulnerability management programs. Linux kernel maintainers and distributors should track upstream fixes for incorporation into long-term support kernels used in embedded industrial systems.

Technical summary

The vulnerability exists in the Linux kernel's net/smc subsystem, specifically in `smc_pnet_create_pnetids_list()`. This function is part of the SMC-PNET (Shared Memory Communications over Physical Networks) implementation, which allows SMC to operate over standard Ethernet networks rather than requiring specialized hardware. The issue involves improper handling of the rtnl (rtnetlink) lock, which is a critical synchronization primitive for network configuration operations in Linux. Excessive pressure on this lock can cause system-wide networking delays and potential denial of service conditions. The vulnerability requires local access to the system and is rated LOW severity due to the high complexity of exploitation and limited impact scope.

Defensive priority

LOW

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for vendor security updates from Siemens for future patch availability
  • Apply defense-in-depth strategies for industrial control system environments per CISA guidance
  • Review and implement ICS-CERT recommended practices for securing industrial control systems

Evidence notes

The vulnerability description indicates this is a kernel-level networking issue in the SMC (Shared Memory Communications) subsystem, which is used for high-performance networking in IBM Z and LinuxONE environments. The specific function `smc_pnet_create_pnetids_list()` is responsible for creating network device lists for SMC-PNET (SMC over physical networks). The rtnl_lock contention issue could cause system responsiveness degradation under specific conditions. Siemens has confirmed this affects their SIMATIC S7-1500 TM MFP product's GNU/Linux subsystem, which incorporates the vulnerable kernel code. The CVSS vector (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L) confirms local attack vector with high complexity required for exploitation.

Official resources

This vulnerability was disclosed through coordinated disclosure via CISA and Siemens. The advisory ICSA-24-102-01 was initially published on April 9, 2024, and has undergone multiple revisions through September 2025 to incorporate newly tri