PatchSiren cyber security CVE debrief
CVE-2024-36938 Siemens CVE debrief
CVE-2024-36938 is a denial-of-service vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) socket message subsystem. The flaw involves NULL pointer dereference and data-race conditions in the sk_psock_skb_ingress_enqueue() function, which was reported by syzbot. The vulnerability has a CVSS score of 5.5 (MEDIUM severity). Siemens has identified this CVE as affecting certain industrial networking products including the RUGGEDCOM RST2428P and SCALANCE families, though the CISA advisory marks the impact assessment as 'Misinformed' for the tracked product IDs. The vulnerability was initially published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product lists and clarifications on product family configurations. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial environments should monitor this advisory. Security teams responsible for OT/ICS infrastructure and Linux kernel security should track patch availability from Siemens.
Technical summary
This vulnerability exists in the Linux kernel's BPF socket message (skmsg) subsystem, specifically in the sk_psock_skb_ingress_enqueue() function. The flaw involves NULL pointer dereference and data-race conditions that can be triggered to cause denial of service. The vulnerability was discovered through syzbot kernel fuzzing. While Siemens has associated this CVE with certain industrial networking products, the CISA advisory indicates the impact assessment may be subject to revision.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify kernel version and BPF subsystem configuration on affected Siemens devices
- Apply vendor-provided firmware updates when available per Siemens security advisory
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The threat category is marked as 'Misinformed' in the source data for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The revision history shows multiple updates correcting affected product listings and removing rejected CVEs.
Official resources
-
CVE-2024-36938 CVE record
CVE.org
-
CVE-2024-36938 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12