PatchSiren cyber security CVE debrief
CVE-2024-38590 Siemens CVE debrief
CVE-2024-38590 is a Linux kernel vulnerability in the RDMA/hns (Hisilicon Network Subsystem) driver where excessive error logging could trigger a kernel panic. The issue stems from unbounded error messages when CQE (Completion Queue Entry) errors occur, potentially causing resource exhaustion. The fix implements rate-limited error logging and reduces CQE dump verbosity to debug level. Siemens has identified this as affecting SINEC OS and related industrial network infrastructure products. The vulnerability is classified with a CVSS 3.1 vector of AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N, indicating network-based attack vector with high attack complexity, requiring no privileges but user interaction, with no impact to confidentiality, integrity, or availability in the base score. However, the source notes one product (CSAFPID-0003) as 'Misinformed' regarding impact. A vendor fix is available requiring update to V3.1 or later.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- NONE
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations running Siemens SINEC OS, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial networking equipment with underlying Linux kernel RDMA/hns driver support should prioritize patching to prevent potential kernel instability from excessive error logging conditions.
Technical summary
The RDMA/hns driver in the Linux kernel used unbounded error logging (ibdev_err()) for CQE errors, which could lead to kernel panic under high error conditions. The resolution changes error logging to rate-limited (ibdev_err_ratelimited()) and reduces CQE dump output to debug level only. This is a denial-of-service condition through log flooding rather than memory corruption or code execution.
Defensive priority
low
Recommended defensive actions
- Update affected Siemens SINEC OS and related products to version 3.1 or later per vendor guidance
- Monitor kernel logs for excessive RDMA/hns CQE error messages as potential indicator of exploitation attempts
- Apply standard ICS defense-in-depth practices for industrial control systems
- Review and implement CISA ICS recommended practices for network segmentation and access controls
Evidence notes
The vulnerability description indicates excessive kernel logging can cause panic conditions. The CVSS vector shows AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N. Siemens advisory SSA-613116 provides remediation guidance. CISA advisory ICSA-25-226-15 was initially published 2025-08-12 and republished 2026-02-25 with updates based on Siemens ProductCERT advisory.
Official resources
-
CVE-2024-38590 CVE record
CVE.org
-
CVE-2024-38590 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12