PatchSiren

CVE-2024-36020 Siemens CVE debrief

A race condition vulnerability in the Linux kernel i40e driver affects Siemens SIMATIC S7-1500 TM MFP industrial control systems. The flaw stems from a regression introduced by kernel commit 52424f974bc5, where two separate variables (an index 'v' and a VF pointer) were used interchangeably to track virtual functions. This desynchronization could cause the VF pointer to become stale and point to an unintended virtual function during reset races, leading to server hangs under difficult-to-reproduce conditions. The vulnerability is rated MEDIUM severity (CVSS 5.3) with a high attack complexity, requiring low privileges but no user interaction. The affected product is the GNU/Linux subsystem within Siemens SIMATIC S7-1500 TM MFP industrial controllers. No patch is currently available from Siemens; mitigations focus on restricting access to trusted personnel and ensuring only trusted applications are executed.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Industrial control system operators, OT security teams, and network administrators managing Siemens SIMATIC S7-1500 TM MFP deployments in manufacturing, process control, or critical infrastructure environments. Organizations with remote or network-accessible GNU/Linux subsystems on these controllers face elevated risk of availability disruptions.

Technical summary

The vulnerability exists in the i40e Intel Ethernet driver within the Linux kernel. A code regression from commit 52424f974bc5 introduced a logic error where an index variable 'v' and a VF (Virtual Function) pointer were maintained separately but used interchangeably. During VF reset operations, incrementing the index did not guarantee the VF pointer was updated correspondingly, creating a race condition where a stale VF pointer could reference an incorrect or unintended virtual function structure. This leads to memory corruption or use of uninitialized data, manifesting as server hangs under specific timing conditions involving reset races. The fix removes the redundant index variable and iterates using a single VF pointer throughout the function to ensure pointer validity.
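The two-cursor mistake and the single-pointer fix described above, modelled in user-space C as an added example (not the i40e source and not code from the advisories). The struct, field and function names and the three-VF sample state are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a per-VF record; all names here are hypothetical. */
struct vf {
    int  id;
    bool resetting;   /* another path is already resetting this VF */
    int  resets;      /* how many times this loop triggered a reset */
};

/* Regression pattern: index v and pointer vf are separate cursors. vf is
 * refreshed on one branch only, so once v passes a VF that is already
 * resetting, vf still names the previous VF. */
void reset_two_cursors(struct vf *vfs, size_t n)
{
    struct vf *vf = &vfs[0];
    for (size_t v = 0; v < n; v++) {
        if (!vfs[v].resetting)
            vf = &vfs[v];
        vf->resets++;             /* may act on a stale, unintended VF */
    }
}

/* Fix pattern: one pointer is the only cursor, so it cannot go stale. */
void reset_single_cursor(struct vf *vfs, size_t n)
{
    for (struct vf *vf = &vfs[0]; vf < &vfs[n]; ++vf) {
        if (vf->resetting)
            continue;
        vf->resets++;
    }
}

/* Constructed sample: three VFs, VF 1 is mid-reset on another path.
 * Returns how many resets the given loop triggered on VF `which`. */
int resets_seen(void (*loop)(struct vf *, size_t), int which)
{
    struct vf vfs[3] = { {0, false, 0}, {1, true, 0}, {2, false, 0} };
    loop(vfs, 3);
    return vfs[which].resets;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("VF %d: two cursors=%d, single cursor=%d\n", i,
               resets_seen(reset_two_cursors, i),
               resets_seen(reset_single_cursor, i));
    return 0;
}
```

In the model, the two-cursor loop resets VF 0 twice because the pointer never followed the index past VF 1, while the single-cursor loop touches each eligible VF exactly once.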

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
  • Implement application whitelisting to ensure only trusted, verified applications execute on the GNU/Linux subsystem
  • Monitor for anomalous system behavior or unexpected hangs that may indicate exploitation attempts
  • Apply vendor patches when released by Siemens for the SIMATIC S7-1500 TM MFP GNU/Linux subsystem
  • Segment affected industrial control systems from untrusted networks per CISA ICS recommended practices

Evidence notes

The CVE was published 2024-04-09 per the official CVE record, and CISA ICS advisory ICSA-24-102-01 was published the same date. Siemens advisory SSA-265688 provides the product-specific impact. The CVSS 3.1 vector AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H confirms a network-accessible, high-complexity, low-privilege attack leading to high availability impact. There is no KEV listing and no known ransomware campaign use.
