PatchSiren cyber security CVE debrief
CVE-2024-44948 Siemens CVE debrief
A vulnerability in the Linux kernel's x86 Memory Type Range Register (MTRR) handling could cause a general protection fault (#GP) and trigger a WARN_ON() on CPUs that do not support fixed MTRR capability. The issue occurs in mtrr_save_state(), which accesses fixed MTRR MSRs without first checking the capability bit. While the #GP is handled gracefully and is harmless, it results in an unnecessary kernel warning. The vulnerability affects Siemens SIMATIC S7-1500 TM MFP devices running the GNU/Linux subsystem. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, low privileges required, and high availability impact. No patch is currently available from the vendor.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with GNU/Linux subsystems should prioritize this vulnerability. System administrators responsible for kernel maintenance on x86-based industrial systems, security teams monitoring for kernel anomalies, and OT security practitioners defending critical infrastructure environments should monitor for vendor patches and implement recommended mitigations.
Technical summary
The Linux kernel's x86 MTRR (Memory Type Range Register) subsystem contains a vulnerability in mtrr_save_state() where fixed MTRR MSRs are accessed without first verifying the fixed MTRR capability bit is set. Fixed MTRRs provide fine-grained caching control for the 640K-1MB region using separate MSRs. While all historical x86 CPUs supporting MTRR have set this capability bit, a CPU without fixed MTRR support would trigger a #GP when the RDMSR instruction executes. The fault is handled gracefully but generates a WARN_ON() kernel warning. The fix adds a capability check before accessing fixed MTRR MSRs. This vulnerability is classified under CWE-754: Improper Check for Unusual or Exceptional Conditions.
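The missing check and its fix, modelled in user space as an added example (this is not kernel source and not code from the advisory). The model_cpu struct, model_rdmsr() and both save_fixed_*() helpers are hypothetical names and the MSR contents are constructed; the MSR numbers and the FIX bit (bit 8 of IA32_MTRRCAP, MSR 0xFE) follow the x86 architecture definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MSR_MTRRCAP 0x0FEu       /* IA32_MTRRCAP */
#define MTRRCAP_FIX (1ull << 8)  /* set when fixed-range MTRRs exist */
/* The 11 architectural fixed-range MTRR MSRs (64K, 16K and 4K granules). */
static const uint32_t fixed_msrs[] = { 0x250, 0x258, 0x259, 0x268, 0x269,
                                       0x26A, 0x26B, 0x26C, 0x26D, 0x26E, 0x26F };
#define N_FIXED (sizeof fixed_msrs / sizeof fixed_msrs[0])

/* Hypothetical model CPU: capability MSR value plus a count of #GP faults. */
struct model_cpu { uint64_t mtrrcap; unsigned faults; };

/* Simulated RDMSR. Returns 0 on success, -1 where real hardware would #GP. */
static int model_rdmsr(struct model_cpu *cpu, uint32_t msr, uint64_t *val)
{
    if (msr == MSR_MTRRCAP) { *val = cpu->mtrrcap; return 0; }
    if (!(cpu->mtrrcap & MTRRCAP_FIX)) { cpu->faults++; return -1; }
    *val = 0x0606060606060606ull;  /* constructed value: write-back everywhere */
    return 0;
}

/* "Before" shape: reads the fixed MSRs without consulting the capability bit. */
unsigned save_fixed_unchecked(struct model_cpu *cpu, uint64_t *out)
{
    cpu->faults = 0;
    for (size_t i = 0; i < N_FIXED; i++)
        model_rdmsr(cpu, fixed_msrs[i], &out[i]);
    return cpu->faults;            /* number of reads that would have faulted */
}

/* "After" shape: read the capability MSR first, skip the reads if FIX is clear. */
unsigned save_fixed_checked(struct model_cpu *cpu, uint64_t *out)
{
    uint64_t cap = 0;
    cpu->faults = 0;
    model_rdmsr(cpu, MSR_MTRRCAP, &cap);
    if (cap & MTRRCAP_FIX)
        for (size_t i = 0; i < N_FIXED; i++)
            model_rdmsr(cpu, fixed_msrs[i], &out[i]);
    return cpu->faults;
}

int main(void)
{
    struct model_cpu cpu = { .mtrrcap = 0x08 };  /* constructed: FIX bit clear */
    uint64_t out[N_FIXED] = { 0 };
    printf("%u %u\n", save_fixed_unchecked(&cpu, out), save_fixed_checked(&cpu, out));
    return 0;
}
```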
Defensive priority
medium
Recommended defensive actions
- Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for kernel WARN_ON() messages related to MTRR operations as potential indicators of exploitation attempts
- Apply vendor patches when available from Siemens
Evidence notes
The vulnerability was disclosed in CISA advisory ICSA-24-102-01 on 2024-04-09 and affects Siemens SIMATIC S7-1500 TM MFP GNU/Linux subsystem. The root cause is a missing capability check in mtrr_save_state() before accessing fixed MTRR MSRs. The issue was resolved in the Linux kernel by adding the missing capability check. Siemens has not released a patch as of the latest advisory update on 2026-05-14.
Official resources
- CVE-2024-44948 CVE record (CVE.org)
- CVE-2024-44948 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09