PatchSiren cyber security CVE debrief
CVE-2024-36933 Siemens CVE debrief
CVE-2024-36933 is a vulnerability in the Linux kernel's NSH (Network Service Header) GSO (Generic Segmentation Offload) handling code, specifically in the `nsh_gso_segment()` function. The flaw involves improper restoration of SKB (socket buffer) header fields when processing segmented packets with outer headers, which could lead to header corruption and potential kernel crashes or undefined behavior. The vulnerability was triggered by syzbot using crafted GSO packets with layered protocols (ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP). Siemens has identified this as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE families, with a vendor fix available in version 3.1 or later. The CVSS 3.1 vector indicates a network attack vector with high attack complexity, requiring no privileges but requiring user interaction, with no impact to confidentiality, integrity, or availability in the scored configuration.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: NONE
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) and Linux systems utilizing NSH GSO functionality in network virtualization or service chaining deployments.
Technical summary
The vulnerability exists in `nsh_gso_segment()`, where SKB header restoration for segmented packets fails to properly account for outer headers. Two specific problems were identified: (a) after setting the ETH_P_NSH protocol and pushing the NSH header, `skb->data` points to the NSH header, causing outer header stripping, and (b) restoration of `mac_header` and `network_header` doesn't account for potential data shifts performed by `udp6_ufo_fragment()`. The fix calculates outer header positions relative to inner headers and properly sets `skb->{data,mac_header,protocol}`.
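The two problems can be reproduced in a simplified user-space model. This is an added example, not kernel code and not the upstream patch; `toy_skb`, the helper names, the header sizes and the 8-byte shift are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sizes and start offset; not taken from the kernel or the advisory. */
enum { OUTER_HLEN = 18, NSH_LEN = 8, INNER_LEN = 40, START = 32 };
/* Toy stand-in for the skb fields named above; each field is an index into buf. */
struct toy_skb { unsigned char buf[128]; size_t data, mac_header, network_header; };

/* Inner handler stand-in: moves the packet `shift` bytes toward the buffer
 * head and leaves data at the inner header, past outer + NSH. */
static void toy_inner_segment(struct toy_skb *s, size_t shift) {
    memmove(s->buf + START - shift, s->buf + START, OUTER_HLEN + NSH_LEN + INNER_LEN);
    s->data = START - shift + OUTER_HLEN + NSH_LEN;
}

/* Pre-fix pattern: push only the NSH header, reuse the MAC offset saved earlier. */
static void restore_saved(struct toy_skb *s, size_t saved_mac) {
    s->data -= NSH_LEN;
    s->mac_header = saved_mac;
    s->network_header = saved_mac + OUTER_HLEN;
}

/* Fixed pattern: derive every outer position from the inner header. */
static void restore_relative(struct toy_skb *s) {
    s->data -= NSH_LEN + OUTER_HLEN;
    s->mac_header = s->data;
    s->network_header = s->data + OUTER_HLEN;
}

/* True when `off` is the first byte of the header filled with `tag`. */
static int at_start(const struct toy_skb *s, size_t off, unsigned char tag) {
    return s->buf[off] == tag && s->buf[off - 1] != tag;
}

/* Result bits: 1 = data at outer header, 2 = mac_header correct, 4 = network_header at NSH. */
int toy_run(size_t shift, int fixed) {
    struct toy_skb s;
    memset(s.buf, 0, sizeof s.buf);
    memset(s.buf + START, 'O', OUTER_HLEN);
    memset(s.buf + START + OUTER_HLEN, 'N', NSH_LEN);
    memset(s.buf + START + OUTER_HLEN + NSH_LEN, 'I', INNER_LEN);
    toy_inner_segment(&s, shift);
    if (fixed) restore_relative(&s); else restore_saved(&s, START);
    return at_start(&s, s.data, 'O') | (at_start(&s, s.mac_header, 'O') << 1)
         | (at_start(&s, s.network_header, 'N') << 2);
}

int main(void) {
    printf("pre-fix: shift 0 -> %d, shift 8 -> %d\n", toy_run(0, 0), toy_run(8, 0));
    printf("fixed:   shift 0 -> %d, shift 8 -> %d\n", toy_run(0, 1), toy_run(8, 1));
}
```

In this model the pre-fix pattern leaves `data` on the NSH header even without a shift (problem a) and loses all three fields once the packet has moved (problem b), while the relative computation is correct in both cases.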
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens products to version 3.1 or later per vendor guidance
- Review network segmentation for industrial control systems using affected SCALANCE and RUGGEDCOM devices
- Monitor for anomalous network traffic patterns that could indicate attempted exploitation of GSO handling weaknesses
- Apply defense-in-depth strategies for industrial control systems as recommended by CISA
- Verify kernel patch status for non-Siemens Linux systems implementing NSH GSO functionality
Evidence notes
The vulnerability description indicates this was discovered through syzbot fuzzing and involves improper handling of SKB structure fields during GSO segmentation. The fix involves properly calculating outer header positions relative to inner headers and correctly setting `skb->{data,mac_header,protocol}`. Siemens ProductCERT advisory SSA-613116 provides vendor-specific remediation guidance. CISA advisory ICSA-25-226-15 was initially published 2025-08-12 and subsequently updated 2026-02-12, 2026-02-24, and 2026-02-25 to correct the affected products list and incorporate the latest Siemens advisory information.
Official resources
- CVE-2024-36933 CVE record (CVE.org)
- CVE-2024-36933 NVD detail (NVD)
- Source item URL (cisa_csaf)