PatchSiren cyber security CVE debrief

CVE-2024-39476 Siemens CVE debrief

A deadlock vulnerability in the Linux kernel's md/raid5 subsystem could cause the raid5d() kernel thread to wait indefinitely for itself to clear the MD_SB_CHANGE_PENDING flag, resulting in a system hang. The vulnerability exists in the RAID5 driver where improper synchronization logic allows the raid5d() thread to block on a condition that only it can satisfy, creating a circular wait condition. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was resolved in the Linux kernel with a fix to prevent raid5d() from waiting on itself. Organizations should apply vendor-provided firmware updates and follow defense-in-depth practices for industrial control systems.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations running Siemens industrial networking equipment (SCALANCE X-family switches, RUGGEDCOM RST2428P) with SINEC OS; system administrators managing Linux systems with software RAID5 configurations; industrial control system operators relying on high-availability storage subsystems

Technical summary

The vulnerability exists in the Linux kernel's Multiple Device (md) driver, specifically in the RAID5 implementation. The raid5d() kernel thread, which manages the RAID5 array, could enter a deadlock by waiting for the MD_SB_CHANGE_PENDING flag to be cleared, a condition that only the raid5d() thread itself could satisfy. This circular dependency leaves the thread blocked indefinitely, so the RAID5 array becomes unresponsive and the system may hang. The fix corrects the synchronization so that raid5d() never waits on itself.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM products as specified in the vendor security advisory
  • Implement network segmentation for industrial control systems to limit exposure of affected devices
  • Follow CISA recommended practices for industrial control systems defense-in-depth
  • Monitor vendor security advisories for additional affected products or updated remediation guidance
  • Review and apply Linux kernel security updates for systems utilizing md/raid5 software RAID configurations
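The last action above presupposes knowing which hosts actually run md/raid5 arrays. The following inventory script is an added example for this debrief, not code from PatchSiren, Siemens or the Linux md maintainers: it parses the kernel's /proc/mdstat text, lists the arrays whose level is raid5 (the code path this CVE concerns), and also reports whether each one is degraded, which an operator wants to know before scheduling the reboot that a kernel update requires. The embedded SAMPLE_MDSTAT content is constructed for the example; on a real host the script reads /proc/mdstat instead.

```python
"""Inventory Linux software-RAID arrays from /proc/mdstat and flag RAID5 ones.

Added example for this debrief (not PatchSiren's, Siemens' or the kernel's code).
It only reads the kernel's md status file; the sample text below is constructed.
"""
import re
from pathlib import Path

# Constructed sample of /proc/mdstat content (not captured from a real host).
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid1 sdb1[1] sda1[0]
      1048512 blocks super 1.2 [2/2] [UU]

md1 : active raid5 sdd1[3] sdc1[1] sdb1[0]
      2095104 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]

md2 : active (auto-read-only) raid5 sdf1[2] sde1[1] sdg1[0]
      2095104 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/2] [UU_]

unused devices: <none>
"""

# "md1 : active raid5 sdd1[3] sdc1[1] sdb1[0]" -> name, state (plus an optional
# parenthesised qualifier such as "(auto-read-only)"), level, member list.
ARRAY_RE = re.compile(
    r"^(?P<name>md\d+)\s*:\s*(?P<state>\w+)(?:\s*\([^)]*\))?\s+(?P<level>\w+)\s+(?P<members>.*)$"
)
# "[3/2] [UU_]" -> expected/active member counts and per-device status.
HEALTH_RE = re.compile(r"\[(?P<expected>\d+)/(?P<active>\d+)\]\s*\[(?P<status>[U_]+)\]")


def parse_mdstat(text):
    """Return one dict per md array found in the given /proc/mdstat text."""
    arrays = []
    current = None
    for line in text.splitlines():
        m = ARRAY_RE.match(line)
        if m:
            current = {
                "name": m["name"],
                "state": m["state"],
                "level": m["level"],
                # "sdd1[3]" or "sdd1[3](F)" -> "sdd1": drop slot index and markers.
                "members": [re.sub(r"\[.*$", "", tok) for tok in m["members"].split()],
                "degraded": False,
            }
            arrays.append(current)
            continue
        h = HEALTH_RE.search(line)
        if h and current is not None:
            # Fewer active than expected members, or a "_" slot, means degraded.
            current["degraded"] = int(h["active"]) < int(h["expected"]) or "_" in h["status"]
    return arrays


def raid5_arrays(text):
    """Names of arrays whose level is raid5, i.e. the md/raid5 code path in this debrief."""
    return [a["name"] for a in parse_mdstat(text) if a["level"] == "raid5"]


def exposure_report(text):
    """Triage lines: which arrays use raid5 and whether each is degraded."""
    lines = []
    for a in parse_mdstat(text):
        if a["level"] != "raid5":
            continue
        health = "DEGRADED" if a["degraded"] else "healthy"
        lines.append(f"{a['name']}: raid5 ({a['state']}, {health}) members={','.join(a['members'])}")
    return lines


if __name__ == "__main__":
    mdstat = Path("/proc/mdstat")
    text = mdstat.read_text() if mdstat.exists() else SAMPLE_MDSTAT
    for line in exposure_report(text) or ["no raid5 arrays found"]:
        print(line)
```

Run it on each Linux host in scope (or feed it /proc/mdstat collected by your configuration-management tool) to build the list of systems whose kernel update for this issue should be prioritised; hosts that report no raid5 arrays do not exercise the affected driver path.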

Evidence notes

The vulnerability description indicates a resolved Linux kernel issue in md/raid5 where raid5d() could deadlock waiting for itself to clear MD_SB_CHANGE_PENDING. Siemens ProductCERT advisory SSA-613116 (republished by CISA as ICSA-25-226-15) identifies affected industrial networking products. The source advisory underwent multiple revisions, with the most recent update on 2026-02-25 correcting affected product listings and removing rejected CVEs. The threat category is marked as 'Misinformed' in the source CSAF data. No CVSS score is provided in the source material.

Official resources

2025-08-12