PatchSiren cyber security CVE debrief
CVE-2024-39484 Siemens CVE debrief
A resource leak vulnerability exists in the Linux kernel's Davinci MMC driver. When the driver is built-in (CONFIG_MMC_DAVINCI=y) rather than as a module, the remove function is marked with __exit and discarded at link time. If the device is unbound via sysfs or hotplug events, the driver is removed without executing cleanup code, leading to resource leaks. Siemens has assessed this vulnerability as 'Misinformed' for affected products, indicating the reported impact does not apply to their specific configurations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens industrial networking equipment, including RUGGEDCOM RST2428P and SCALANCE X-family switches with SINEC OS, as well as any Linux systems using the Davinci MMC driver in a built-in configuration.
Technical summary
The Davinci MMC driver in the Linux kernel uses the __exit attribute on its remove function. When CONFIG_MMC_DAVINCI=y (built-in), this causes the linker to discard the remove callback. Device unbinding operations (sysfs unbind or hotplug removal) then proceed without executing cleanup code, resulting in resource leaks. The vulnerability is a coding pattern issue affecting kernel driver lifecycle management. Siemens products incorporating this component have been assessed with 'Misinformed' impact status per their security advisory.
Defensive priority
low
Recommended defensive actions
- Verify kernel configuration for affected Siemens devices to confirm CONFIG_MMC_DAVINCI is not set to built-in (y) if the Davinci MMC driver is used
- Review Siemens ProductCERT advisory SSA-355557 for specific product impact assessments
- Apply vendor-provided firmware updates when available per Siemens security advisory guidance
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
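One way to carry out the kernel configuration check in the first action above, as an added example that is not part of the advisory or of any Siemens tooling: a POSIX shell script that classifies CONFIG_MMC_DAVINCI in a kernel config. The config locations it tries (/proc/config.gz and /boot/config-<release>) are general Linux conventions assumed here, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: classify CONFIG_MMC_DAVINCI in a kernel config.

# Read config text on stdin; print "builtin", "module" or "unset"
# ("unset" covers both an explicit "is not set" line and an absent symbol).
davinci_state() {
    awk '
        /^CONFIG_MMC_DAVINCI=y$/ { s = "builtin" }
        /^CONFIG_MMC_DAVINCI=m$/ { s = "module" }
        /^# CONFIG_MMC_DAVINCI is not set$/ { s = "unset" }
        END { print (s == "" ? "unset" : s) }
    '
}

# Succeed only for the case the debrief describes: driver built in, so the
# __exit-marked remove function is discarded at link time.
davinci_remove_discarded() {
    [ "$(davinci_state)" = "builtin" ]
}

# Emit the running kernel's config. Both paths are assumed conventions and
# may be absent on embedded firmware.
read_kernel_config() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample configs, not taken from any Siemens device.
SAMPLE_BUILTIN='CONFIG_MMC=y
CONFIG_MMC_DAVINCI=y'
SAMPLE_MODULE='CONFIG_MMC=y
CONFIG_MMC_DAVINCI=m'
SAMPLE_UNSET='CONFIG_MMC=y
# CONFIG_MMC_DAVINCI is not set'

printf 'sample builtin: %s\n' "$(printf '%s\n' "$SAMPLE_BUILTIN" | davinci_state)"
printf 'sample module:  %s\n' "$(printf '%s\n' "$SAMPLE_MODULE" | davinci_state)"
printf 'sample unset:   %s\n' "$(printf '%s\n' "$SAMPLE_UNSET" | davinci_state)"

if cfg=$(read_kernel_config 2>/dev/null); then
    printf 'running kernel: %s\n' "$(printf '%s\n' "$cfg" | davinci_state)"
else
    echo 'running kernel: no readable config, check the firmware build config'
fi
```

Only the "builtin" result matches the condition described in the technical summary; a firmware image that exposes no config has to be checked against its build configuration instead.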
Evidence notes
The vulnerability description indicates a kernel driver coding issue where the __exit attribute causes the remove callback to be discarded for built-in drivers. Siemens ProductCERT advisory SSA-355557 and CISA ICSA-25-226-07 both document this assessment. The threat category in the source CSAF data is explicitly marked as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-39484 CVE record (CVE.org)
- CVE-2024-39484 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12