PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-35978 Siemens CVE debrief

A memory leak exists in the Linux kernel's Bluetooth subsystem, in the hci_req_sync_complete() function. This callback runs when a synchronous HCI (Host Controller Interface) request completes and stores the controller's response buffer (an sk_buff) in the device's request state. Under certain conditions a response already held there is overwritten without being freed, so that buffer is never released. Each such completion leaks kernel memory, and repeated triggering can exhaust it and degrade availability. The flaw is tracked for the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial controllers. A local attacker with low privileges could exploit it to push the system toward memory exhaustion over time (denial of service).

Vendor
Siemens
Product
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-09
Original CVE updated
2026-05-14
Advisory published
2024-04-09
Advisory updated
2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial controllers with the GNU/Linux subsystem enabled should track this vulnerability. That includes administrators of OT/ICS environments, security teams responsible for industrial control systems, and anyone who holds interactive shell access on the affected devices. The issue matters most where several users or applications share the GNU/Linux subsystem, since the attack requires local, low-privileged access rather than network reachability.

Technical summary

The vulnerability lies in the Linux kernel's Bluetooth HCI (Host Controller Interface) implementation. hci_req_sync_complete() is the completion callback for synchronous HCI requests: when a command response arrives it records the result, takes a reference to the response sk_buff and stores it in the device's request state for the waiting caller to collect. Before the fix, the function assigned the new buffer without releasing any response still stored from an earlier request, leaking that buffer. The upstream kernel fix frees the previously stored response before taking the reference to the new one. Over time the leaked buffers exhaust available kernel memory and cause denial of service. The flaw is classified under CWE-401 (Missing Release of Memory after Effective Lifetime). Exploitation requires local access with low privileges, so the exposure is greatest in multi-user environments or wherever untrusted code can run on the GNU/Linux subsystem of the affected Siemens controllers.
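To make the bug class concrete, here is an added, user-space model of the completion callback before and after the fix. It is constructed for this debrief and is not the kernel's code: sk_buff, skb_get() and kfree_skb() are reduced to a reference count plus a live-object counter, and the scenario (the waiter never collects the previous response before the next completion) is a simplified assumption of the leaking condition. The model shows why an assignment that drops a held reference is a CWE-401 leak and why freeing first is the correct fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel's sk_buff and its reference counting. */
static int live_skbs = 0;                 /* allocated and not yet freed */

struct sk_buff {
    int users;                            /* reference count */
    size_t len;
};

static struct sk_buff *alloc_skb(size_t len)
{
    struct sk_buff *skb = calloc(1, sizeof *skb);
    if (!skb)
        abort();
    skb->users = 1;
    skb->len = len;
    live_skbs++;
    return skb;
}

static struct sk_buff *skb_get(struct sk_buff *skb)
{
    skb->users++;
    return skb;
}

/* kfree_skb(NULL) is a no-op, as in the kernel. */
static void kfree_skb(struct sk_buff *skb)
{
    if (!skb)
        return;
    if (--skb->users == 0) {
        free(skb);
        live_skbs--;
    }
}

enum { HCI_REQ_DONE = 0, HCI_REQ_PEND = 1 };

struct hci_dev {
    int req_status;
    int req_result;
    struct sk_buff *req_skb;              /* response held for the waiting caller */
};

/* Shape of the callback before the fix: whatever req_skb already pointed at
 * is overwritten, and its reference is never dropped (CWE-401). */
static void hci_req_sync_complete_leaky(struct hci_dev *hdev, int result,
                                        struct sk_buff *skb)
{
    if (hdev->req_status == HCI_REQ_PEND) {
        hdev->req_result = result;
        hdev->req_status = HCI_REQ_DONE;
        if (skb)
            hdev->req_skb = skb_get(skb);
    }
}

/* Fixed shape: release the stored response before taking the new reference. */
static void hci_req_sync_complete_fixed(struct hci_dev *hdev, int result,
                                        struct sk_buff *skb)
{
    if (hdev->req_status == HCI_REQ_PEND) {
        hdev->req_result = result;
        hdev->req_status = HCI_REQ_DONE;
        if (skb) {
            kfree_skb(hdev->req_skb);
            hdev->req_skb = skb_get(skb);
        }
    }
}

/* Run `rounds` completions where the waiter never collects req_skb in between
 * (assumed leaking condition), then tear the device down. Returns the number
 * of buffers still allocated: 0 means nothing leaked. */
static int run_scenario(int use_fix, int rounds)
{
    struct hci_dev hdev = { HCI_REQ_DONE, 0, NULL };
    live_skbs = 0;
    for (int i = 0; i < rounds; i++) {
        hdev.req_status = HCI_REQ_PEND;           /* host issued a sync command */
        struct sk_buff *evt = alloc_skb(4);       /* controller response arrives */
        if (use_fix)
            hci_req_sync_complete_fixed(&hdev, 0, evt);
        else
            hci_req_sync_complete_leaky(&hdev, 0, evt);
        kfree_skb(evt);                           /* event path drops its own ref */
    }
    kfree_skb(hdev.req_skb);                      /* teardown frees what is still held */
    return live_skbs;
}

int main(void)
{
    printf("leaky, 3 rounds: %d buffers leaked\n", run_scenario(0, 3));
    printf("fixed, 3 rounds: %d buffers leaked\n", run_scenario(1, 3));
    return 0;
}
```

Each uncollected completion in the leaky variant leaves one buffer behind, which is the "degrades availability over time" pattern the advisory describes; the fixed variant stays at zero regardless of how many rounds run.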

Defensive priority

medium

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only; the attack requires local, low-privileged access
  • Only build and run applications from trusted sources on the subsystem
  • Monitor kernel memory for steady growth rather than one-off spikes; on a Linux host the leaked objects are socket buffers, so a rising skbuff_head_cache count in /proc/slabinfo or growing Slab in /proc/meminfo with no matching workload is the signal to watch
  • Apply the Siemens update when one is released for this vulnerability (the source advisory lists no fix yet)
  • Implement network segmentation to limit exposure of affected industrial control systems

Evidence notes

The vulnerability description is sourced directly from the CISA CSAF advisory ICSA-24-102-01, which identifies this as a Bluetooth memory leak in hci_req_sync_complete(). The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, low privileges required, no user interaction, and high availability impact. The affected product is specifically the GNU/Linux subsystem component of Siemens SIMATIC S7-1500 TM MFP industrial controllers. No fix is currently available per the source advisory.

Official resources

CVE-2024-35978 was published on April 9, 2024, and last modified on May 14, 2026. The vulnerability was disclosed through coordinated disclosure involving CISA and Siemens, with the advisory ICSA-24-102-01 serving as the primary government-