PatchSiren cyber security CVE debrief
CVE-2024-42283 Siemens CVE debrief
CVE-2024-42283 is an information disclosure vulnerability in the Linux kernel's networking subsystem, specifically in the nexthop implementation (net/ipv4/nexthop.c). When a nexthop group is dumped over Netlink, `nla_put_nh_group()` reserves space in the reply for an array of `struct nexthop_grp` entries but writes only the `id` and `weight` members of each entry; the two reserved members, `resvd1` (one byte) and `resvd2` (two bytes), are left holding whatever the reply buffer already contained, so three bytes of kernel memory per group entry reach userspace. The reserved fields are not consumed by any current kernel component, but the leak is real, and non-zero garbage in them also complicates repurposing the fields later. The upstream fix ("net: nexthop: Initialize all fields in dumped nexthops") initializes the full structure before it is serialized. Siemens lists the GNU/Linux subsystem of its SIMATIC S7-1500 TM MFP as affected, with no fix currently available. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector, low attack complexity and low privileges required; note that the published vector scores the impact as availability (A:H) with no confidentiality impact, which does not match the information-leak nature of the defect, so treat the 5.5 as a ranking aid rather than as a description of what an attacker gains.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
System administrators managing Siemens SIMATIC S7-1500 TM MFP deployments with enabled GNU/Linux subsystems; industrial control system security teams; Linux kernel maintainers and network stack developers; organizations with strict kernel memory isolation requirements
Technical summary
The Linux kernel's nexthop subsystem contains an information disclosure vulnerability: `nla_put_nh_group()` fails to initialize the reserved fields of `struct nexthop_grp` when serializing a nexthop group's NHA_GROUP attribute. When group information is dumped over Netlink (for example by `ip nexthop get id <id>` on a group, or `ip nexthop show`), the `resvd1` and `resvd2` fields of each entry carry uninitialized kernel memory to userspace. This is directly observable from userspace by tracing the `recvmsg()` system call of the `ip` command: the reserved fields show non-zero bytes on an affected kernel and zeros on a fixed one. The weakness is classified as CWE-908 (Use of Uninitialized Resource). The reserved fields are not consumed by any current kernel component, so the impact is limited to disclosure of a few bytes of kernel memory per group entry and to complicating any future repurposing of those fields; it is an information leak, not a memory (allocation) leak. The fix assigns the complete structure for each entry before Netlink serialization, so the reserved fields are always zero.
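The following is an added example, not code from the kernel or from the Siemens advisory. It models the dump path in user space: `struct nexthop_grp` has the UAPI layout, while `sk_buff`, `nlattr`, `nh_group`, `nla_reserve()` and the `NHA_GROUP` tag value are simplified stand-ins (assumptions) for the kernel types. The buffer is pre-filled with a constructed 0xA5 pattern to stand in for the stale kernel memory the real skb tailroom held. `nla_put_nh_group_vulnerable()` has the pre-fix shape (only `id` and `weight` are written), `nla_put_nh_group_fixed()` has the fixed shape (whole-struct assignment), and `count_leaky_entries()` parses the resulting NHA_GROUP attribute the way a checker run over bytes from a `recvmsg()` trace of `ip nexthop get` would.

```c
/* Added example (not kernel code): user-space model of the dump path that
 * leaked memory in CVE-2024-42283. nexthop_grp matches the UAPI layout;
 * sk_buff, nlattr, nh_group and nla_reserve() are simplified stand-ins. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct nexthop_grp {            /* layout as in linux/nexthop.h */
    uint32_t id;
    uint8_t  weight;
    uint8_t  resvd1;
    uint16_t resvd2;
};
struct nlattr { uint16_t nla_len; uint16_t nla_type; };    /* 4-byte attr header */
#define NHA_GROUP 2                                         /* tag only, in this model */
struct nh_entry { uint32_t id; uint8_t weight; };           /* stand-in (assumption) */
struct nh_group { int num_nh; struct nh_entry ents[8]; };   /* stand-in (assumption) */
struct sk_buff  { unsigned char data[256]; size_t tail; };  /* stand-in (assumption) */

/* Like the kernel's nla_reserve(): the reserved payload bytes are NOT zeroed. */
static struct nlattr *nla_reserve(struct sk_buff *skb, int type, size_t len)
{
    size_t total = sizeof(struct nlattr) + len;
    if (skb->tail + total > sizeof skb->data) return NULL;
    struct nlattr *nla = (struct nlattr *)(skb->data + skb->tail);
    *nla = (struct nlattr){ .nla_len = (uint16_t)total, .nla_type = (uint16_t)type };
    skb->tail += total;
    return nla;
}

/* Pre-fix shape: only id and weight are written, so resvd1/resvd2 keep
 * whatever the buffer held before. */
static int nla_put_nh_group_vulnerable(struct sk_buff *skb, const struct nh_group *nhg)
{
    size_t len = (size_t)nhg->num_nh * sizeof(struct nexthop_grp);
    struct nlattr *nla = nla_reserve(skb, NHA_GROUP, len);
    if (!nla) return -1;
    struct nexthop_grp *p = (struct nexthop_grp *)(nla + 1);
    for (int i = 0; i < nhg->num_nh; ++i) {
        p->id = nhg->ents[i].id;
        p->weight = (uint8_t)(nhg->ents[i].weight - 1);
        p += 1;
    }
    return 0;
}

/* Fixed shape: each entry is assigned whole, so the members the initializer
 * does not name (the reserved ones) become zero. */
static int nla_put_nh_group_fixed(struct sk_buff *skb, const struct nh_group *nhg)
{
    size_t len = (size_t)nhg->num_nh * sizeof(struct nexthop_grp);
    struct nlattr *nla = nla_reserve(skb, NHA_GROUP, len);
    if (!nla) return -1;
    struct nexthop_grp *p = (struct nexthop_grp *)(nla + 1);
    for (int i = 0; i < nhg->num_nh; ++i)
        *p++ = (struct nexthop_grp){ .id = nhg->ents[i].id,
                                     .weight = (uint8_t)(nhg->ents[i].weight - 1) };
    return 0;
}

/* Parse one NHA_GROUP attribute and count entries with non-zero reserved
 * fields. The same check applies to bytes captured from a recvmsg() trace
 * of "ip nexthop get". Returns -1 on a malformed attribute. */
static int count_leaky_entries(const unsigned char *buf, size_t len)
{
    struct nlattr hdr;
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, buf, sizeof hdr);
    size_t nlen = hdr.nla_len;
    if (hdr.nla_type != NHA_GROUP || nlen < sizeof hdr || nlen > len) return -1;
    if ((nlen - sizeof hdr) % sizeof(struct nexthop_grp) != 0) return -1;
    int leaky = 0;
    for (size_t off = sizeof hdr; off < nlen; off += sizeof(struct nexthop_grp)) {
        struct nexthop_grp g;
        memcpy(&g, buf + off, sizeof g);
        if (g.resvd1 != 0 || g.resvd2 != 0)
            leaky++;
    }
    return leaky;
}

/* Prefill the buffer with a constructed stale pattern (stands in for the
 * kernel memory the real skb tailroom held), dump a two-entry group, check. */
static int dump_and_check(int (*put)(struct sk_buff *, const struct nh_group *))
{
    struct sk_buff skb;
    memset(skb.data, 0xA5, sizeof skb.data);
    skb.tail = 0;
    struct nh_group nhg = { .num_nh = 2,
                            .ents = { { .id = 1, .weight = 1 }, { .id = 2, .weight = 3 } } };
    if (put(&skb, &nhg) != 0) return -1;
    return count_leaky_entries(skb.data, skb.tail);
}

int main(void)
{
    printf("pre-fix: %d leaky entries, fixed: %d leaky entries\n",
           dump_and_check(nla_put_nh_group_vulnerable), dump_and_check(nla_put_nh_group_fixed));
    return 0;
}
```

The pre-fix path reports both entries as leaky (their reserved bytes still hold the 0xA5 fill), the fixed path reports none. The checker deliberately validates `nla_len` against the buffer length and the entry size before walking the payload, since a tool that parses Netlink replies from an untrusted or unfixed kernel should not itself over-read.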
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only; the leak requires local access to issue Netlink nexthop queries
- Only build and run applications from trusted sources on the subsystem
- To check whether a given kernel is affected, identify or create a nexthop group, trace `recvmsg()` while running `ip nexthop get id <group-id>`, and inspect the NHA_GROUP entries: non-zero `resvd1`/`resvd2` values indicate an unfixed kernel
- Do not rely on monitoring for nexthop queries as a control: Netlink route dumps are routine administrative traffic and are not normally logged, so access restriction is the more effective measure
- Apply vendor patches when Siemens releases updates for the SIMATIC S7-1500 TM MFP GNU/Linux subsystem; until then, prioritize this as a local kernel memory disclosure, not as a remote or availability issue
Evidence notes
The vulnerability description indicates disclosure of kernel memory through uninitialized reserved fields of `struct nexthop_grp` in the Linux kernel nexthop subsystem. Siemens CSAF advisory ICSA-24-102-01 confirms the affected product as the SIMATIC S7-1500 TM MFP GNU/Linux subsystem with no fix available. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates a local attack and scores the impact on availability only; it records no confidentiality impact, which is inconsistent with the information-leak nature of the defect, so the score should be read as a triage rank rather than as a description of what an attacker gains. No CISA KEV listing was found in the stored evidence.
Official resources
- CVE-2024-42283 CVE record (CVE.org)
- CVE-2024-42283 NVD detail (NVD)
- Source item: cisa_csaf
2024-04-09