PatchSiren cyber security CVE debrief
CVE-2024-44971 Siemens CVE debrief
CVE-2024-44971 is a memory leak in the Linux kernel's Broadcom Starfighter 2 (bcm_sf2) Distributed Switch Architecture (DSA) driver. While registering its MDIO bus the driver looks up existing PHY devices and removes them, but the lookup returns each device with its reference count incremented and the driver never dropped that reference, so the PHY device objects were never freed. Siemens has assessed the RUGGEDCOM RST2428P as not affected, as indicated by the 'Misinformed' impact classification in its CSAF advisory. The record in the stored evidence dates from August 12, 2025, with advisory updates through February 25, 2026 clarifying the product impact scope. No known exploitation in the wild or use in ransomware campaigns has been reported.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Operators of Siemens RUGGEDCOM and SCALANCE industrial Ethernet switches; maintainers of the Linux kernel DSA subsystem; OT security teams tracking third-party component vulnerabilities in industrial products
Technical summary
The bug is in drivers/net/dsa/bcm_sf2.c. The driver calls of_phy_find_device(), which (through bus_find_device() and get_device()) returns the PHY device with an extra reference held, and then calls phy_device_remove() without ever releasing that reference, so the reference count never reaches zero and the object is not freed. The fix adds a phy_device_free() call after phy_device_remove(); it decrements the count via put_device() and balances the reference taken by the lookup. This is CWE-401 (Missing Release of Memory after Effective Lifetime); the impact is unreleased kernel memory (a local availability issue), not code execution. While the underlying kernel flaw is real, Siemens' assessment is that the RUGGEDCOM RST2428P is not affected by it; the advisory does not state the reason (for example, whether the product's kernel build includes the bcm_sf2 driver at all).
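To make the reference-count imbalance concrete, here is an added example in user-space C; it is not code from the Linux kernel, the bcm_sf2 driver, or Siemens. It models a bus of PHY devices with a refcount, a find_device() that returns a referenced object (as of_phy_find_device() does through bus_find_device()/get_device()), and runs the removal loop once without and once with the phy_device_free() the fix adds. The bus, the address mask, and the helper names are constructed for the example, and the loop is a simplification of the driver's registration path rather than its actual code.

```c
/* Added example (not Linux kernel or Siemens code): a user-space model of the
 * refcount imbalance behind CVE-2024-44971. find_device() stands in for
 * of_phy_find_device(), which hands the caller a reference; the fix is the
 * phy_device_free() (put_device()) that releases it. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PHY_MAX_ADDR 32

struct phy_device {
    int addr;
    int refcount; /* models the embedded struct device's kobject refcount */
};

static struct phy_device *bus[PHY_MAX_ADDR]; /* models the MDIO bus */
static int live_objects;                     /* allocated and not yet freed */

static void get_device(struct phy_device *p) { p->refcount++; }

static void put_device(struct phy_device *p)
{
    if (--p->refcount == 0) {
        free(p);
        live_objects--;
    }
}

/* Registering a PHY: the bus holds the initial reference. */
static void phy_device_register(int addr)
{
    struct phy_device *p = calloc(1, sizeof *p);
    p->addr = addr;
    p->refcount = 1;
    bus[addr] = p;
    live_objects++;
}

/* Like of_phy_find_device(): returns the device with an extra reference. */
static struct phy_device *find_device(int addr)
{
    struct phy_device *p = bus[addr];
    if (p)
        get_device(p);
    return p;
}

/* Like phy_device_remove(): detach from the bus and drop the bus's reference. */
static void phy_device_remove(struct phy_device *p)
{
    bus[p->addr] = NULL;
    put_device(p);
}

/* Like phy_device_free(): drop the reference find_device() handed out. */
static void phy_device_free(struct phy_device *p) { put_device(p); }

/* Constructed input: one PHY per set bit in mask. */
static void populate_bus(unsigned int mask)
{
    memset(bus, 0, sizeof bus);
    live_objects = 0;
    for (int addr = 0; addr < PHY_MAX_ADDR; addr++)
        if (mask & (1u << addr))
            phy_device_register(addr);
}

/* Vulnerable pattern; returns how many objects are still allocated after. */
static int remove_phys_leaky(unsigned int mask)
{
    populate_bus(mask);
    for (int addr = 0; addr < PHY_MAX_ADDR; addr++) {
        struct phy_device *p = find_device(addr);
        if (!p)
            continue;
        phy_device_remove(p);
        /* missing phy_device_free(p): refcount stays at 1, object leaks */
    }
    return live_objects;
}

/* Fixed pattern: every reference taken by find_device() is released. */
static int remove_phys_fixed(unsigned int mask)
{
    populate_bus(mask);
    for (int addr = 0; addr < PHY_MAX_ADDR; addr++) {
        struct phy_device *p = find_device(addr);
        if (!p)
            continue;
        phy_device_remove(p);
        phy_device_free(p); /* the one-line fix */
    }
    return live_objects;
}

int main(void)
{
    unsigned int mask = 0x1fu; /* constructed: five PHYs at addresses 0-4 */
    printf("leaky loop: %d objects never freed\n", remove_phys_leaky(mask));
    printf("fixed loop: %d objects never freed\n", remove_phys_fixed(mask));
    return 0;
}
```

Build with cc -std=c99 and run: with five PHYs on the bus the leaky loop leaves five objects allocated and the fixed loop leaves none. The pairing rule it illustrates (every lookup that returns a referenced device needs a matching put_device(), here via phy_device_free()) is the check to apply when auditing other DSA or MDIO driver code for the same class of bug.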
Defensive priority
low
Recommended defensive actions
- Verify current firmware version on RUGGEDCOM RST2428P devices against Siemens ProductCERT guidance
- Subscribe to Siemens ProductCERT security advisories for SSA-355557 updates
- Review network segmentation for industrial Ethernet switches per CISA ICS recommended practices
- Monitor CISA ICS advisories for any future impact reassessment
Evidence notes
Siemens CSAF data explicitly marks this CVE with 'Misinformed' impact for affected product IDs, indicating the vulnerability does not actually affect the listed products. The source advisory underwent multiple revisions between August 2025 and February 2026 to correct affected product listings and remove rejected CVEs.
Official resources
- CVE-2024-44971 CVE record (CVE.org)
- CVE-2024-44971 NVD detail (NVD)
- Source item URL: cisa_csaf
Siemens ProductCERT SSA-355557; CISA ICSA-25-226-07