PatchSiren cyber security CVE debrief
CVE-2024-42089 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the Linux kernel's ASoC fsl-asoc-card driver. The issue stems from improper initialization order where `priv->pdev` is dereferenced in `fsl_asoc_card_audmux_init()` before being assigned. Since `priv` is zero-initialized, this results in a NULL pointer dereference when the code attempts to access the `dev` structure for error reporting via `dev_err` macros. The vulnerability is timing-dependent: if no errors occur before the assignment, the driver may not crash due to compiler optimizations, but the code path remains defective. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, with a vendor fix available in version 3.1 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: NONE
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial Ethernet switches; OT security teams managing firmware lifecycle for industrial control systems; Linux kernel maintainers for embedded/IoT distributions using Freescale i.MX ASoC drivers.
Technical summary
The vulnerability exists in the Freescale ASoC card driver (`fsl-asoc-card`) within the Linux kernel's ALSA System on Chip (ASoC) subsystem. During driver probe, the `priv->pdev` pointer is dereferenced in `fsl_asoc_card_audmux_init()` to obtain the device structure for error reporting, but this occurs before `priv->pdev` is assigned the valid platform device pointer. Because `priv` is allocated with `kzalloc()` or equivalent zero-initializing allocation, `priv->pdev` contains NULL at the time of dereference. The fix relocates the `priv->pdev = pdev` assignment to the beginning of the probe function, ensuring all sub-functions have valid access to the platform device structure. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable kernel driver in their SINEC OS firmware.
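The ordering defect and its fix, as an added user-space model written for this debrief (not the kernel driver's code and not Siemens' firmware). Every `model_*` and `probe_*` name, the status codes and the sample device string are hypothetical; where the kernel would fault on a NULL `priv->pdev`, the model returns `INIT_NULL_DEREF` so the two orderings can be compared safely.

```c
/* User-space model of the probe ordering bug; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct model_pdev { const char *dev_name; };    /* stands in for the platform device */
struct model_priv { struct model_pdev *pdev; }; /* stands in for the driver's priv   */

enum { INIT_OK = 0, INIT_ERR_REPORTED = 1, INIT_NULL_DEREF = 2 };

/* Constructed sample device, used by main() and by tests. */
static struct model_pdev sample_pdev = { "fsl-asoc-card (constructed)" };

/* Models the audmux init step: priv->pdev is needed only to report an error. */
static int model_audmux_init(struct model_priv *priv, int hw_error)
{
    if (!hw_error)
        return INIT_OK;            /* no error to report, pdev is never used   */
    if (priv->pdev == NULL)
        return INIT_NULL_DEREF;    /* kernel: error reporting would fault here */
    fprintf(stderr, "%s: audmux setup failed\n", priv->pdev->dev_name);
    return INIT_ERR_REPORTED;
}

/* Defective order: the sub-function runs before priv->pdev is assigned. */
int probe_before_fix(struct model_pdev *pdev, int hw_error)
{
    struct model_priv *priv = calloc(1, sizeof(*priv)); /* zeroed, like kzalloc() */
    if (!priv)
        return -1;
    int ret = model_audmux_init(priv, hw_error);
    priv->pdev = pdev;             /* assigned too late */
    free(priv);
    return ret;
}

/* Fixed order: the assignment is the first thing probe does with priv. */
int probe_after_fix(struct model_pdev *pdev, int hw_error)
{
    struct model_priv *priv = calloc(1, sizeof(*priv));
    if (!priv)
        return -1;
    priv->pdev = pdev;
    int ret = model_audmux_init(priv, hw_error);
    free(priv);
    return ret;
}

int main(void)
{
    printf("before fix, error path: %d\n", probe_before_fix(&sample_pdev, 1));
    printf("after fix,  error path: %d\n", probe_after_fix(&sample_pdev, 1));
    return 0;
}
```

When reviewing other probe functions in a custom kernel tree, the same pattern to look for is any helper that receives the private structure before its back-pointers are populated.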
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided update to version 3.1 or later for affected Siemens SCALANCE and RUGGEDCOM products
- Review kernel driver initialization patterns in custom Linux kernel builds using Freescale ASoC components
- Monitor CISA ICS advisories for additional affected product announcements
- Implement network segmentation for industrial control systems per CISA recommended practices
- Verify patch application through vendor security advisory SSA-613116
Evidence notes
The vulnerability was resolved by moving the `priv->pdev` assignment to the start of the probe function, ensuring sub-functions can correctly use `pdev` through `priv`. The source advisory (ICSA-25-226-15) was initially published on 2025-08-12 and subsequently modified on 2026-02-12, 2026-02-24, and 2026-02-25 to correct affected product listings and incorporate updates from Siemens ProductCERT SSA-613116. The CVSS vector indicates network attack vector with high attack complexity, requiring no privileges but user interaction, with no impact to confidentiality, integrity, or availability in the assessed configuration.
Official resources
- CVE-2024-42089 CVE record (CVE.org)
- CVE-2024-42089 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12