PatchSiren

CVE-2024-35988 Siemens CVE debrief

This CVE addresses a kernel-level defect in the RISC-V architecture's memory management for 64-bit No-MMU (NOMMU) configurations. The TASK_SIZE definition incorrectly limits userspace memory addressing, causing spurious access failures when physical RAM exists above 4GB. The vulnerability requires local access and affects availability only; there is no confidentiality or integrity impact.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

This debrief is relevant to operators of Siemens SIMATIC S7-1500 TM MFP systems utilizing the GNU/Linux subsystem, particularly those with memory configurations exceeding 4GB physical RAM. Industrial control system security teams and asset owners in manufacturing and process industries should assess exposure and implement compensating controls.

Technical summary

The RISC-V kernel's TASK_SIZE definition for 64-bit No-MMU configurations incorrectly constrains userspace memory addressing. On systems with physical RAM above 4GB, this causes spurious failures in userspace access routines. The attack vector is local, with low attack complexity and low privilege requirements. There is no confidentiality or integrity impact; the availability impact is rated high per CVSS 3.1. The defect affects the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP. No fix is currently available; mitigations include access restriction and trusted application sourcing.

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Build and run only applications from trusted sources
  • Monitor for vendor security updates as no patch is currently available
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
  • Review system memory configurations to assess exposure if physical RAM exceeds 4GB
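
One way to carry out the memory-configuration review in the last item, as an added example that is not code from Siemens or the kernel project: it lists "System RAM" ranges in /proc/iomem that end above 4 GiB. The function names and the sample excerpt are constructed for illustration, and the check covers only the RAM layout, not whether the kernel is a 64-bit RISC-V NOMMU build.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from a real device.

# sample_iomem: constructed /proc/iomem excerpt with one RAM bank above 4 GiB.
sample_iomem() {
    cat <<'EOF'
80000000-bfffffff : System RAM
  80200000-80bfffff : Kernel code
100000000-17fffffff : System RAM
EOF
}

# ram_above_4g [FILE]: list "System RAM" ranges ending above 0xffffffff.
# Returns 0 if any exist, 1 if none, 2 if addresses are masked (non-root read).
ram_above_4g() {
    file=${1:-/proc/iomem}
    found=1
    masked=0
    while IFS= read -r line; do
        case $line in
            *": System RAM"*) ;;
            *) continue ;;
        esac
        range=${line%% :*}      # e.g. "100000000-17fffffff"
        range=${range##* }      # drop indentation of nested entries
        end=${range#*-}
        if [ $((0x$end)) -eq 0 ]; then
            masked=1            # kernel hides addresses from unprivileged readers
        elif [ $((0x$end)) -gt $((0xffffffff)) ]; then
            printf 'System RAM above 4 GiB: %s\n' "$range"
            found=0
        fi
    done < "$file"
    if [ "$found" -eq 1 ] && [ "$masked" -eq 1 ]; then
        echo "addresses masked; re-run as root" >&2
        return 2
    fi
    return "$found"
}

# Demo on the constructed sample. On the device: ram_above_4g /proc/iomem
tmp=$(mktemp) && sample_iomem > "$tmp" && ram_above_4g "$tmp"
rm -f "$tmp"
```

A return code of 0 means at least one RAM bank lies above 4 GiB, which is the condition the advisory text ties to the spurious userspace access failures.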

Evidence notes

The vulnerability stems from an incorrect TASK_SIZE definition in the RISC-V kernel for 64-bit NOMMU systems. When physical RAM extends beyond 4GB, the current definition causes userspace access routines to fail spuriously. This affects the GNU/Linux subsystem on Siemens SIMATIC S7-1500 TM MFP industrial control systems. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact.
