PatchSiren cyber security CVE debrief
CVE-2024-35982 Siemens CVE debrief
A vulnerability in the batman-adv (Better Approach To Mobile Ad-hoc Networking Advanced) kernel module could allow an authenticated local attacker to cause a denial of service condition through an infinite loop when attempting to resize the local Translation Table (TT). The vulnerability stems from improper loop control in the TT resizing logic, which can be triggered under specific memory pressure or table growth conditions. This affects the GNU/Linux subsystem within Siemens SIMATIC S7-1500 TM MFP industrial control devices. The CVSS 3.1 vector indicates local attack vector with low attack complexity, requiring low privileges and no user interaction, resulting in high availability impact. No confidentiality or integrity impacts are associated with this vulnerability.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with activated GNU/Linux subsystem; network administrators managing batman-adv mesh deployments; OT security teams responsible for availability protection of manufacturing execution systems; compliance officers tracking CVE remediation for critical infrastructure assets
Technical summary
The batman-adv kernel networking module contains a logic flaw in the local Translation Table (TT) resizing routine that can enter an unbounded loop state. The TT is a data structure used to map client MAC addresses to originator nodes in mesh networks. When memory allocation failures or table fragmentation occur during resize operations, the retry logic lacks proper termination conditions, causing CPU exhaustion and system unresponsiveness. This is classified under CWE-835 (Loop with Unreachable Exit Condition). The vulnerability requires local authenticated access to the GNU/Linux subsystem, making exploitation dependent on prior compromise or insider access. No code execution or privilege escalation capabilities are associated with this flaw.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application whitelisting to ensure only trusted applications are built and executed
- Monitor for anomalous resource consumption patterns that may indicate TT resizing loop conditions
- Apply vendor patches when Siemens releases firmware updates addressing this kernel module vulnerability
- Segment industrial control networks to limit lateral movement opportunities for authenticated users
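One way to act on the resource-monitoring recommendation above, as an added example that is not part of the original debrief or any Siemens tooling: it compares per-core counters from successive /proc/stat snapshots and flags cores that stay in kernel mode. It assumes the loop shows up as sustained system time on a single core; the sample snapshots, thresholds and function names are constructed for illustration.

```python
"""Flag CPU cores held in kernel mode across consecutive /proc/stat samples."""

# Constructed sample data (not from a real device): three /proc/stat excerpts
# taken 5 s apart at USER_HZ=100. cpu1 burns almost every tick in "system".
SNAPSHOTS = [
    "cpu0 1000 0 200 8000 50 0 10 0 0 0\ncpu1 1200 0 300 7900 40 0 12 0 0 0\n",
    "cpu0 1040 0 215 8442 52 0 11 0 0 0\ncpu1 1202 0 795 7902 40 0 13 0 0 0\n",
    "cpu0 1075 0 228 8892 53 0 12 0 0 0\ncpu1 1203 0 1291 7904 40 0 14 0 0 0\n",
]


def parse(text):
    """Return {cpuN: [user, nice, system, idle, iowait, irq, softirq, steal]}."""
    cores = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip the aggregate "cpu" line and non-CPU lines (intr, ctxt, ...).
        if parts and parts[0].startswith("cpu") and parts[0][3:].isdigit():
            cores[parts[0]] = [int(v) for v in parts[1:9]]
    return cores


def kernel_fraction(prev, cur):
    """Share of elapsed ticks spent in system + irq + softirq time."""
    delta = [c - p for p, c in zip(prev, cur)]
    total = sum(delta)
    return (delta[2] + delta[5] + delta[6]) / total if total > 0 else 0.0


def pinned_cpus(snapshots, threshold=0.95, min_intervals=2):
    """Cores at or above `threshold` kernel time for `min_intervals` in a row.

    Both defaults are assumed starting points, to be tuned per device baseline.
    """
    parsed = [parse(s) for s in snapshots]
    streak, flagged = {}, set()
    for prev, cur in zip(parsed, parsed[1:]):
        for cpu, ticks in cur.items():
            if cpu not in prev:
                continue
            hot = kernel_fraction(prev[cpu], ticks) >= threshold
            streak[cpu] = streak.get(cpu, 0) + 1 if hot else 0
            if streak[cpu] >= min_intervals:
                flagged.add(cpu)
    return sorted(flagged)


if __name__ == "__main__":
    print(pinned_cpus(SNAPSHOTS))
```

Requiring consecutive intervals keeps short kernel-heavy bursts (for example heavy network I/O) from raising an alert on their own.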
Evidence notes
Vulnerability description and affected product information derived from CISA CSAF advisory ICSA-24-102-01. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack scope with availability-only impact. Siemens advisory SSA-265688 provides product-specific context for SIMATIC S7-1500 TM MFP GNU/Linux subsystem. CWE-835 (Loop with Unreachable Exit Condition) classification referenced in source materials.
Official resources
- CVE-2024-35982 CVE record (CVE.org)
- CVE-2024-35982 NVD detail (NVD)
- Source item URL (cisa_csaf)