PatchSiren cyber security CVE debrief
CVE-2024-39468 Siemens CVE debrief
A deadlock vulnerability exists in the Linux kernel SMB client implementation within the smb2_find_smb_tcon() function. This flaw can cause the SMB client to become unresponsive when processing certain SMB2 protocol operations, leading to a denial-of-service condition. The vulnerability stems from improper locking mechanisms that can result in a circular wait condition between kernel threads.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure with SMB/CIFS connectivity requirements, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE XC/XR series devices in critical infrastructure environments. Security teams responsible for OT/ICS network segmentation and availability should assess exposure. System integrators and asset owners utilizing SINEC OS-based management platforms should monitor vendor advisories for remediation timelines.
Technical summary
CVE-2024-39468 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel SMB client subsystem. The flaw manifests as a deadlock in the smb2_find_smb_tcon() function, which can render SMB client operations unresponsive. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel SMB client implementation, including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The vulnerability was disclosed on 2025-08-12 and was subsequently incorporated into CISA's ICS advisory program. A significant advisory update occurred on 2026-02-25, reflecting republication based on Siemens ProductCERT guidance. Organizations should prioritize patch deployment and implement compensating controls per CISA ICS recommended practices.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens industrial networking products when available
- Monitor for SMB client hang conditions in systems utilizing SMB/CIFS connectivity
- Implement network segmentation to limit SMB traffic exposure for critical industrial control systems
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- Consider disabling SMB client functionality on affected devices if not operationally required
Evidence notes
The vulnerability description indicates a deadlock condition in the SMB client subsystem of the Linux kernel. The smb2_find_smb_tcon() function is responsible for locating SMB tree connection structures during SMB2 protocol operations. Deadlocks in this context typically arise from improper acquisition or release of synchronization primitives (mutexes, spinlocks) when handling concurrent SMB requests or during error recovery paths.
Official resources
-
CVE-2024-39468 CVE record
CVE.org
-
CVE-2024-39468 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12