PatchSiren cyber security CVE debrief
CVE-2024-38597 Siemens CVE debrief
A vulnerability in the Linux kernel's sungem Ethernet driver could lead to deadlocks when netpoll is active. The gem_poll_controller() function disables interrupts, which may sleep—a prohibited operation in netpoll contexts where interrupts are completely disabled. The issue manifests as netpoll warnings indicating that the driver enabled interrupts during poll operations. The fix removes the .ndo_poll_controller callback entirely, as netpoll has directly invoked NAPI for years, making this callback unnecessary. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, with a vendor fix available in version 3.1 or later.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- NONE
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches running SINEC OS versions prior to 3.1. System administrators utilizing netpoll functionality for remote debugging or console access over network interfaces should prioritize patching. Industrial control system operators following CISA guidance for critical infrastructure protection should review this advisory as part of vulnerability management programs.
Technical summary
The vulnerability exists in the sungem Ethernet driver's gem_poll_controller() function, which was called during netpoll operations. This function disabled interrupts, an operation that may sleep, which violates netpoll's requirement that interrupts remain disabled and no sleeping occur. The function also failed to actually poll completions, instead merely scheduling NAPI and exiting. The resolution removes the .ndo_poll_controller callback entirely, as modern netpoll implementations invoke NAPI directly without requiring this intermediate step.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS version 3.1 or later for affected Siemens SCALANCE and RUGGEDCOM products
- Review network configurations that utilize netpoll functionality on affected systems
- Monitor system logs for netpoll-related warnings indicating potential deadlock conditions
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
The vulnerability was resolved in the Linux kernel by removing the .ndo_poll_controller callback from the sungem driver. The gem_poll_controller() function was problematic because it disabled interrupts in a context where sleeping is not permitted. Siemens ProductCERT issued advisory SSA-613116, which CISA republished as ICSA-25-226-15 on 2025-08-12. The advisory was subsequently updated on 2026-02-25 to reflect the latest information from Siemens.
Official resources
-
CVE-2024-38597 CVE record
CVE.org
-
CVE-2024-38597 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public