PatchSiren cyber security CVE debrief
CVE-2024-39506 Siemens CVE debrief
CVE-2024-39506 is a NULL pointer dereference vulnerability in the Linux kernel's liquidio driver, specifically in the `lio_vf_rep_copy_packet()` function. The flaw occurs when `pg_info->page` is compared to NULL but then unconditionally passed to `skb_add_rx_frag()`, potentially causing a null pointer dereference. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. The CVSS score is 5.5 (MEDIUM severity). Notably, CISA's advisory ICSA-25-226-07 marks this CVE as 'Misinformed' for affected Siemens products, indicating the initial assessment of impact may have been incorrect. The advisory was republished on February 25, 2026, based on Siemens ProductCERT SSA-355557, which clarified affected configurations and moved some products to 'Known Not Affected' status.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations running Linux systems with Cavium LiquidIO network adapters; operators of Siemens industrial networking equipment including SCALANCE and RUGGEDCOM product lines; security teams tracking kernel-level network driver vulnerabilities; industrial control system administrators following CISA ICS advisories
Technical summary
The vulnerability exists in the liquidio driver's `lio_vf_rep_copy_packet()` function where a NULL check on `pg_info->page` is performed but not properly enforced before the pointer is passed to `skb_add_rx_frag()`. This coding error could result in a null pointer dereference condition. The issue affects the Linux kernel's handling of VF representor packet copying in Cavium LiquidIO network adapters. CISA's advisory indicates that initial assessments of impact on Siemens industrial networking products were incorrect ('Misinformed'), and the February 2026 update clarified which products are actually affected.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT SSA-355557 advisory for current product impact assessment
- Verify affected product status in organizational asset inventory, noting that some products previously listed as affected have been moved to 'Known Not Affected'
- Apply kernel updates from Linux distribution vendors that address the liquidio driver vulnerability
- For systems using liquidio-based network adapters, monitor for patches addressing the NULL pointer handling in lio_vf_rep_copy_packet()
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
The source CISA CSAF advisory ICSA-25-226-07 explicitly categorizes this CVE's impact as 'Misinformed' for the listed product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003). The February 25, 2026 republication was based on Siemens ProductCERT SSA-355557 advisory, which corrected the list of affected products and clarified SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family affected configuration.
Official resources
-
CVE-2024-39506 CVE record
CVE.org
-
CVE-2024-39506 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12