PatchSiren cyber security CVE debrief
CVE-2024-41090 Siemens CVE debrief
CVE-2024-41090 is a HIGH severity vulnerability (CVSS 7.1) in the Linux kernel's tap driver, specifically in the `tap_get_user_xdp()` path. The flaw involves missing validation of frame length, which can result in corrupted socket buffers (skb) being passed down the network stack. This may lead to out-of-bounds memory access or inconsistent header metadata that confuses lower network layers. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The issue stems from insufficient input validation (CWE-20) where `skb_set_network_header()` assumes frame size exceeds `ETH_HLEN` without proper verification.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
System administrators managing Siemens industrial networking equipment including SCALANCE switches and RUGGEDCOM devices; security teams responsible for OT/ICS network infrastructure; Linux kernel maintainers and network stack developers; organizations utilizing XDP-based networking solutions in industrial environments; CISOs and risk managers overseeing industrial control system security postures
Technical summary
The vulnerability exists in the Linux kernel's tap network driver, specifically within the `tap_get_user_xdp()` function used for XDP (eXpress Data Path) frame processing. The code fails to validate that incoming frames meet minimum length requirements before calling `skb_set_network_header()`, which assumes a frame size greater than `ETH_HLEN` (14 bytes). This missing validation allows malformed short frames to propagate through the network stack as corrupted socket buffers. The corrupted skb can trigger out-of-bounds memory accesses when downstream components attempt to parse network headers beyond the actual frame boundary, or cause protocol confusion due to inconsistent header length metadata. The flaw represents a classic input validation failure (CWE-20) in kernel networking code with potential for memory safety violations and network stack instability.
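The missing check described above, modelled in userspace C as an added example (not the kernel's code and not a vendor fix). `struct frame_meta` and the `frame_*` functions are hypothetical names, and rejecting frames shorter than `ETH_HLEN` is the bound this example assumes.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN 14 /* 6 dst MAC + 6 src MAC + 2 EtherType */

/* Hypothetical userspace stand-in for the skb fields that matter here (not kernel code). */
struct frame_meta {
    const uint8_t *data;   /* start of the frame bytes */
    size_t len;            /* bytes actually present */
    size_t network_offset; /* where the L3 header is assumed to start */
    uint16_t ethertype;    /* bytes 12..13, filled in only by the checked path */
};

/* Unchecked pattern: records a header offset without comparing it to len. */
static int frame_init_unchecked(struct frame_meta *m, const uint8_t *buf, size_t len)
{
    /* network_offset points past the end of the data when len < ETH_HLEN */
    *m = (struct frame_meta){ .data = buf, .len = len, .network_offset = ETH_HLEN };
    return 0;
}

/* Checked pattern: reject the short frame before deriving any header metadata. */
static int frame_init_checked(struct frame_meta *m, const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < ETH_HLEN)
        return -EINVAL;
    *m = (struct frame_meta){ .data = buf, .len = len, .network_offset = ETH_HLEN,
                              .ethertype = (uint16_t)((buf[12] << 8) | buf[13]) };
    return 0;
}

/* Returns 1 if the recorded header offset lies inside the frame, else 0. */
static int frame_is_consistent(const struct frame_meta *m)
{
    return m->network_offset <= m->len;
}

int main(void)
{
    const uint8_t runt[6] = {0}; /* constructed sample: a 6-byte frame */
    struct frame_meta m;

    frame_init_unchecked(&m, runt, sizeof runt);
    printf("unchecked: consistent=%d\n", frame_is_consistent(&m));
    printf("checked:   rc=%d\n", frame_init_checked(&m, runt, sizeof runt));
    return 0;
}
```

The unchecked path accepts the 6-byte frame and leaves metadata that places the network header beyond the data, which is the inconsistent state downstream parsers then trust; the checked path returns `-EINVAL` before any metadata is written.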
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM devices when available
- Monitor Siemens ProductCERT advisory SSA-355557 for patch availability and updated affected product lists
- Implement network segmentation to limit exposure of industrial control system devices
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- Validate minimum frame size requirements in network configurations using tap interfaces
- Consider disabling XDP (eXpress Data Path) functionality on affected systems if not required for operations
Evidence notes
The vulnerability description is sourced from CISA ICS Advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS score of 7.1 with HIGH severity is confirmed in the source material. The affected product list includes RUGGEDCOM RST2428P (6GK6242-6PA00) and SCALANCE networking equipment families. The root cause is identified as missing frame length validation in the tap driver's XDP (eXpress Data Path) processing code path.
Official resources
- CVE-2024-41090 CVE record (CVE.org)
- CVE-2024-41090 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12