PatchSiren cyber security CVE debrief

CVE-2024-41040 Siemens CVE debrief

CVE-2024-41040 is a use-after-free (UAF) vulnerability in the Linux kernel's network scheduler (net/sched) subsystem, specifically triggered when resolving a clash condition. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE product families, though the CISA advisory marks the impact assessment as 'Misinformed' for the tracked product IDs. The vulnerability originates from the Linux kernel's traffic control implementation, where improper handling of memory during clash resolution can lead to memory corruption. Organizations should consult the official Siemens ProductCERT advisory for definitive affected product status and patch availability.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system (ICS) environments. Network administrators responsible for traffic control configurations on Linux-based industrial systems should prioritize verification of patch status.

Technical summary

This vulnerability exists in the Linux kernel's network scheduler (net/sched) component, which handles traffic control and quality-of-service (QoS) functions. The UAF condition occurs during clash resolution, a mechanism used when multiple traffic classification rules match the same packet. When resolving these conflicts, improper memory management can result in accessing freed memory, potentially leading to kernel memory corruption, denial of service, or privilege escalation. The vulnerability affects Siemens industrial networking equipment that incorporates vulnerable Linux kernel versions.

Defensive priority

HIGH

Recommended defensive actions

  • Verify affected product status directly with Siemens ProductCERT advisory SSA-355557
  • Apply kernel updates from Siemens when available per vendor guidance
  • Monitor network scheduler configurations on affected industrial systems
  • Implement network segmentation for critical ICS infrastructure
  • Review CISA ICS recommended practices for defense-in-depth strategies

Evidence notes

The source advisory (ICSA-25-226-07) explicitly marks the impact for the tracked product IDs as 'Misinformed', indicating potential uncertainty or a correction in the initial assessment. The advisory underwent three revisions up to February 2026, including corrections to the affected product lists and the removal of rejected CVEs. The vulnerability description 'net/sched: UAF when resolving a clash' indicates a memory safety issue in Linux kernel traffic control.

Official resources

The vulnerability was disclosed through coordinated disclosure channels, with CISA publishing advisory ICSA-25-226-07 on 2025-08-12. Siemens subsequently updated their security advisory SSA-355557 multiple times, with the most recent update