PatchSiren


CVE-2024-42276 Siemens CVE debrief

A vulnerability in the Linux kernel's NVMe PCI driver could allow a local, privileged attacker to cause a denial of service (DoS) condition. The issue stems from a missing condition check in nvme_unmap_data(): the function does not verify that mapped data exists before dereferencing it, potentially leading to a NULL pointer dereference. The vulnerability was resolved by making nvme_unmap_data() apply the same conditional logic as nvme_map_data(), which is called only when a request has physical segments. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control system. No patch is currently available from Siemens; mitigation relies on restricting access to trusted personnel and running only trusted applications.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: MEDIUM 4.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP systems with the GNU/Linux subsystem enabled, particularly in industrial and OT environments where high availability is critical. System administrators responsible for securing embedded Linux environments on industrial controllers should prioritize access controls until a patch becomes available.

Technical summary

The vulnerability exists in the nvme-pci driver of the Linux kernel. The function nvme_map_data() is invoked only when a request contains physical segments, but the corresponding nvme_unmap_data() function lacked an equivalent condition check. This inconsistency could result in dereferencing NULL or invalid pointers when unmapping data that was never mapped, leading to a kernel crash and system availability impact. The fix ensures nvme_unmap_data() mirrors the conditional logic of nvme_map_data().
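The map/unmap asymmetry described above, as an added user-space model that is not the kernel's code or the actual patch. Every type and function name in it is hypothetical, and the unchecked path reports the NULL access instead of performing it.

```c
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical. */
struct model_req {
    unsigned int nr_phys_segments; /* 0 for requests that carry no data */
    int storage[4];                /* stands in for the mapping state */
    int *dma_desc;                 /* set only by model_map_data() */
};

enum unmap_result { UNMAP_SKIPPED, UNMAP_DONE, UNMAP_NULL_DEREF };

/* Mapping runs only when the request has physical segments. */
static void model_map_data(struct model_req *r)
{
    if (r->nr_phys_segments != 0)
        r->dma_desc = r->storage;
}

/* Pre-fix shape: no segment check before touching the mapping state.
 * The model returns a marker where a kernel would crash. */
static enum unmap_result model_unmap_unchecked(struct model_req *r)
{
    if (r->dma_desc == NULL)
        return UNMAP_NULL_DEREF;
    r->dma_desc[0] = 0;            /* the access that needs a valid pointer */
    r->dma_desc = NULL;
    return UNMAP_DONE;
}

/* Fixed shape: unmap applies the same condition as map. */
static enum unmap_result model_unmap_checked(struct model_req *r)
{
    if (r->nr_phys_segments == 0)
        return UNMAP_SKIPPED;
    return model_unmap_unchecked(r);
}

/* Map, then unmap, one request with nsegs segments. */
static enum unmap_result complete_request(unsigned int nsegs, int checked)
{
    struct model_req r = { nsegs, {0}, NULL };
    model_map_data(&r);
    return checked ? model_unmap_checked(&r) : model_unmap_unchecked(&r);
}

int main(void)
{
    printf("0 segments: unchecked=%d checked=%d\n",
           complete_request(0, 0), complete_request(0, 1));
    return 0;
}
```

Requests that do carry segments take the same path in both shapes; only the zero-segment request separates them.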

Defensive priority

medium

Recommended defensive actions

  • Restrict interactive shell access to the GNU/Linux subsystem on affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
  • Ensure only applications from trusted sources are built and executed on the affected subsystem
  • Monitor for kernel updates from Siemens that address this vulnerability in the GNU/Linux subsystem
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
  • Review and implement ICS-CERT recommended practices for securing industrial control environments

Evidence notes

The vulnerability description indicates a resolved Linux kernel issue in the nvme-pci driver where nvme_unmap_data() lacked a condition check present in nvme_map_data(). Siemens CSAF data confirms this affects the SIMATIC S7-1500 TM MFP GNU/Linux subsystem. The CVSS vector AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H indicates local attack vector, low attack complexity, high privileges required, no user interaction, and high availability impact.
