PatchSiren cyber security CVE debrief
CVE-2024-41089 Siemens CVE debrief
CVE-2024-41089 describes a null pointer dereference vulnerability in the Linux kernel's Nouveau DRM driver, specifically within the nv17_tv_get_hd_modes function in dispnv04. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. According to the source advisory, this CVE is categorized as 'Misinformed' in the threat assessment, indicating it may not represent a genuine security vulnerability or the impact assessment has been corrected. The advisory (ICSA-25-226-07) was republished by CISA on 2026-02-25 based on Siemens ProductCERT SSA-355557. Siemens has identified this CVE as affecting third-party components in SINEC OS, with products including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family potentially within scope, though the affected product count shows zero in the source data. No CVSS score or severity is available in the source corpus. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens industrial networking products with SINEC OS that utilize the Nouveau open-source NVIDIA driver, particularly those with legacy NV17-era hardware support enabled. Priority is reduced due to 'Misinformed' threat categorization.
Technical summary
A null pointer dereference exists in the nv17_tv_get_hd_modes function within the Nouveau DRM driver's dispnv04 code for legacy NVIDIA hardware. The source advisory categorizes the threat as 'Misinformed', suggesting the CVE may have been incorrectly reported or its impact assessment has been revised. The vulnerability affects third-party Linux kernel components used in Siemens SINEC OS products.
Defensive priority
low
Recommended defensive actions
- Review Siemens SSA-355557 advisory for current product impact assessment
- Verify whether affected products are actually impacted given 'Misinformed' threat categorization
- Apply standard kernel update practices if using Nouveau driver in affected Siemens products
- Monitor CISA ICS advisories for any reclassification of this CVE
Evidence notes
Source advisory ICSA-25-226-07 categorizes this CVE threat as 'Misinformed' per the threats array. The source shows zero affected products despite listing product names. CISA republication on 2026-02-25 was based on Siemens SSA-355557 advisory.
Official resources
- CVE-2024-41089 CVE record (CVE.org)
- CVE-2024-41089 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12