PatchSiren cyber security CVE debrief
CVE-2024-36946 Siemens CVE debrief
A vulnerability in the Linux kernel's Phonet protocol implementation has been resolved. The issue was in the `rtm_phonet_notify()` function, which incorrectly calculated the required socket buffer (skb) allocation size when preparing route notification messages. The function failed to properly account for all three components stored by `fill_route()`: the `struct rtmsg` header, the `RTA_DST` attribute (1 byte), and the `RTA_OIF` attribute (4 bytes). This miscalculation could lead to insufficient memory allocation for netlink messages. The fix ensures correct buffer sizing using `NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)`. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, with updates available to address the issue.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: NONE
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens industrial networking equipment (SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, RUGGEDCOM RST2428P) with SINEC OS should prioritize patching. Linux system administrators using Phonet protocol functionality should verify kernel patch status. Industrial control system operators should monitor CISA advisories for OT-specific guidance.
Technical summary
The vulnerability exists in the Linux kernel's Phonet protocol implementation, specifically in `rtm_phonet_notify()`. The function incorrectly calculated socket buffer size for route notification messages, failing to properly sum the sizes of all netlink attributes. The fix corrects the allocation to use proper alignment and total size calculations for the rtmsg structure and both RTA_DST (1 byte) and RTA_OIF (4 bytes) attributes. This is a memory allocation correctness issue in kernel networking code.
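The sizing arithmetic in the fix can be checked in userspace. The following is an added example, not kernel or Siemens code: it restates the netlink alignment rules, computes the payload size the corrected expression yields, and uses a bounded writer to show that a buffer any smaller cannot hold all three components. `fill_route_model`, `put_attr` and the trailing-underscore constants are hypothetical stand-ins for the kernel helpers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model of the kernel's netlink sizing helpers (4-byte alignment). */
#define ALIGN4(n)     (((size_t)(n) + 3u) & ~(size_t)3u)
#define NLMSG_HDRLEN_ 16u            /* sizeof(struct nlmsghdr) */
#define NLA_HDRLEN_   4u             /* sizeof(struct nlattr): u16 len, u16 type */
#define RTMSG_LEN_    12u            /* sizeof(struct rtmsg) */
#define RTA_DST_      1u             /* attribute type values from rtnetlink.h */
#define RTA_OIF_      4u

static size_t nla_total_size_(size_t payload) { return ALIGN4(NLA_HDRLEN_ + payload); }

/* Payload size the fix passes to the allocator: rtmsg + RTA_DST(1) + RTA_OIF(4). */
size_t route_notify_payload(void)
{
    return ALIGN4(RTMSG_LEN_) + nla_total_size_(1) + nla_total_size_(4);
}

/* Bounded attribute writer: returns -1 when the padded attribute does not fit. */
static int put_attr(uint8_t *buf, size_t cap, size_t *off, uint16_t type,
                    const void *data, uint16_t len)
{
    size_t need = nla_total_size_(len);
    uint16_t nla_len = (uint16_t)(NLA_HDRLEN_ + len);
    if (*off > cap || need > cap - *off)
        return -1;
    memset(buf + *off, 0, need);                 /* zero the padding bytes too */
    memcpy(buf + *off, &nla_len, 2);
    memcpy(buf + *off + 2, &type, 2);
    memcpy(buf + *off + NLA_HDRLEN_, data, len);
    *off += need;
    return 0;
}

/* Hypothetical stand-in for fill_route(): header, rtmsg, then the two attributes. */
long fill_route_model(uint8_t *buf, size_t cap, uint8_t dst, uint32_t oif)
{
    size_t off = NLMSG_HDRLEN_ + ALIGN4(RTMSG_LEN_);
    if (off > cap)
        return -1;
    memset(buf, 0, off);                         /* header fields left zero in this model */
    if (put_attr(buf, cap, &off, RTA_DST_, &dst, 1) ||
        put_attr(buf, cap, &off, RTA_OIF_, &oif, 4))
        return -1;
    return (long)off;                            /* total message length */
}
```

Each attribute costs 8 bytes on the wire regardless of its 1-byte or 4-byte payload, because the 4-byte attribute header and the padding are counted by `nla_total_size()`.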
Defensive priority
medium
Recommended defensive actions
- Review Siemens security advisory SSA-613116 for complete affected product list and patch availability
- Update affected Siemens SCALANCE and RUGGEDCOM devices to SINEC OS V3.1 or a later version
- Verify kernel version on Linux systems using Phonet protocol and apply appropriate vendor patches
- Monitor CISA ICS advisories for additional guidance on industrial control system security
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates this is a kernel-level fix for skb allocation in the Phonet protocol's route notification mechanism. The source advisory (ICSA-25-226-15) from CISA, republished based on Siemens ProductCERT SSA-613116, lists affected Siemens industrial networking products. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect corrections to the affected products list and the removal of rejected CVEs. Siemens provides vendor fix guidance to update to V3.1 or later.
Official resources
- CVE-2024-36946 CVE record (CVE.org)
- CVE-2024-36946 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12