PatchSiren

CVE-2024-41022 Siemens CVE debrief

A signedness vulnerability in the Linux kernel's AMDGPU DRM driver, specifically within the `sdma_v4_0_process_trap_irq()` function, has been identified in third-party components used by Siemens industrial networking products. The flaw involves incorrect handling of signed values that may lead to processing errors. While the underlying vulnerability exists in the Linux kernel's graphics driver subsystem, Siemens has assessed this as not affecting their SINEC OS-based products due to the absence of the vulnerable code path in their specific configurations. The advisory was initially published by CISA on August 12, 2025, and subsequently updated on February 25, 2026, following republication based on Siemens ProductCERT guidance.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE and RUGGEDCOM industrial networking equipment should review this advisory to confirm their specific product configurations. Security teams in OT/ICS environments should track this as a low-priority item given Siemens' assessment of non-exploitability, while maintaining awareness of the underlying Linux kernel vulnerability for any systems that may incorporate AMDGPU components. Linux kernel maintainers and distributors should evaluate patches for the underlying drm/amdgpu driver issue.

Technical summary

CVE-2024-41022 describes a signedness error in the `sdma_v4_0_process_trap_irq()` function within the AMDGPU DRM (Direct Rendering Manager) driver in the Linux kernel. This function processes trap interrupts from the System DMA (SDMA) engine version 4.0 found in AMD graphics hardware. Signedness vulnerabilities occur when a value is interpreted as signed when it should be unsigned, or vice versa, potentially causing integer overflow, unexpected loop behavior, or incorrect bounds checking. In interrupt handler contexts, such errors can lead to denial of service conditions or memory corruption. However, the CISA advisory marks this as 'Misinformed' impact for Siemens products, indicating the vulnerable code path is not present or not exploitable in the affected Siemens industrial networking product configurations.
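The signedness class described above, shown as an added example that is not kernel or Siemens code: an error code stored in an unsigned variable defeats the negative check that guards a table index. All names and values (`id_to_instance`, `NUM_INSTANCES`, `ERR_INVALID`) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_INSTANCES   4      /* constructed: size of a per-instance table */
#define ERR_INVALID     (-22)  /* constructed error code */
#define WOULD_INDEX_OOB 1      /* reported instead of touching memory */

/* Hypothetical lookup: maps a client id to an instance index, or
 * returns a negative error code when the id is unknown. */
static int id_to_instance(unsigned client_id)
{
    return client_id < NUM_INSTANCES ? (int)client_id : ERR_INVALID;
}

/* Flawed pattern: the result lands in an unsigned variable, so the
 * "< 0" check can never fire and the error becomes a huge index. */
static int handle_trap_flawed(unsigned client_id)
{
    uint32_t instance = (uint32_t)id_to_instance(client_id);

    if (instance < 0)          /* dead code: unsigned is never negative */
        return ERR_INVALID;
    /* Report rather than dereference, so the demo stays well-defined. */
    return instance >= NUM_INSTANCES ? WOULD_INDEX_OOB : 0;
}

/* Corrected pattern: a signed variable keeps the error visible. */
static int handle_trap_fixed(unsigned client_id)
{
    int instance = id_to_instance(client_id);

    if (instance < 0)
        return instance;       /* error propagates, no index is formed */
    return instance >= NUM_INSTANCES ? WOULD_INDEX_OOB : 0;
}

int main(void)
{
    printf("flawed(9) = %d\n", handle_trap_flawed(9));
    printf("fixed(9)  = %d\n", handle_trap_fixed(9));
    printf("fixed(2)  = %d\n", handle_trap_fixed(2));
    return 0;
}
```

Compiling with `-Wextra` (which enables `-Wtype-limits` in GCC) flags the always-false comparison in the flawed variant, which makes this class of defect easy to catch in review or CI.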

Defensive priority

low

Recommended defensive actions

  • Verify that affected Siemens products (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) are running current firmware versions as maintained by Siemens
  • Review Siemens ProductCERT advisory SSA-355557 for authoritative product-specific guidance
  • Apply standard ICS defense-in-depth practices per CISA recommendations for industrial control systems
  • Monitor CISA ICS advisories for any future changes to affected product status

Evidence notes

The source CISA CSAF advisory (ICSA-25-226-07) explicitly marks this CVE with threat category 'impact' and details 'Misinformed' for affected product IDs, indicating Siemens has determined their products are not actually vulnerable despite the CVE's existence. The vulnerability description references the Linux kernel AMDGPU driver function `sdma_v4_0_process_trap_irq()`, which handles SDMA (System DMA) trap interrupts. The advisory revision history shows multiple updates, with the February 25, 2026 republication specifically noting alignment with Siemens ProductCERT SSA-355557 advisory.
