PatchSiren cyber security CVE debrief
CVE-2024-41065 Siemens CVE debrief
CVE-2024-41065 is a vulnerability in the Linux kernel's powerpc/pseries subsystem where reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* triggers a BUG() condition, causing a kernel crash. The vulnerability stems from improper input validation when handling debug filesystem access to CPU dispatch trace logs on IBM Power Systems (pseries) platforms. While the CVE description indicates this is a kernel-level issue, the supplied source corpus from CISA's CSAF advisory (ICSA-25-226-07) and Siemens ProductCERT indicates this CVE was included in a third-party components assessment for Siemens industrial networking products. Notably, the CISA advisory's threat assessment categorizes the impact for affected Siemens products as 'Misinformed,' and revision history from February 2026 clarifies that affected product configurations were corrected and some CVEs were removed from the advisory. The advisory was republished on February 25, 2026 based on Siemens ProductCERT SSA-355557. No CVSS score is provided in the source corpus.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
System administrators managing IBM Power Systems (pseries) running Linux, security teams overseeing Siemens industrial networking infrastructure, OT/ICS security practitioners tracking third-party component vulnerabilities in industrial products, and kernel maintainers responsible for powerpc architecture code.
Technical summary
The vulnerability exists in the Linux kernel's powerpc/pseries platform code, specifically in the dispatch trace log (DTL) debug filesystem interface. When a user reads from /sys/kernel/debug/powerpc/dtl/cpu-*, the kernel triggers a BUG() macro, resulting in an intentional crash. This indicates a defensive programming check that detected an unexpected condition, likely related to buffer handling, CPU state validation, or race conditions in the debug interface. The BUG() macro typically prints a stack trace and halts the system, causing denial of service. On IBM Power Systems (pseries), this interface provides visibility into CPU dispatching behavior for performance analysis. The vulnerability requires local access to the debug filesystem, which is typically restricted to root users, limiting exploitability in properly configured systems.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify kernel version on Power Systems (pseries) platforms and apply vendor-provided updates
- Restrict access to /sys/kernel/debug/powerpc/dtl/cpu-* to privileged users only
- Monitor for unexpected kernel crashes on IBM Power Systems running affected kernel versions
- Apply defense-in-depth practices per CISA ICS recommended practices for industrial control systems
Evidence notes
Source corpus indicates this CVE was evaluated in CISA advisory ICSA-25-226-07 for Siemens SINEC OS third-party components. The advisory's threat section marks impact as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. Revision history shows multiple updates: initial publication 2025-08-12, corrections to affected products on 2026-02-12, clarification of SCALANCE family configurations and CVE removals on 2026-02-24, and final republication based on Siemens SSA-355557 on 2026-02-25. The underlying vulnerability is in Linux kernel powerpc/pseries debugfs interface, not Siemens proprietary code.
Official resources
-
CVE-2024-41065 CVE record
CVE.org
-
CVE-2024-41065 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12