PatchSiren cyber security CVE debrief
CVE-2024-46673 Siemens CVE debrief
CVE-2024-46673 is a double-free vulnerability in the Linux kernel's aacraid SCSI driver that was published on August 12, 2025, and last modified on February 25, 2026. The flaw occurs in the aac_probe_one() function, which calls hardware-specific initialization functions through the aac_driver_ident::init pointer. These functions eventually invoke aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but fails to clear the pointer member. When the hardware-specific init function returns an error, aac_probe_one() follows an error path that attempts to free the memory pointed to by aac_dev::queues again, resulting in a double-free condition. This vulnerability is classified under CWE-415 (Double Free). The source advisory from CISA (ICSA-25-226-07) indicates that Siemens has assessed the impact as 'Misinformed' for affected products including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no CVSS score or severity rating is available in the provided source data. The advisory references Siemens ProductCERT advisory SSA-355557 for additional technical details and remediation guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
System administrators managing Siemens RUGGEDCOM and SCALANCE industrial networking equipment, security teams responsible for industrial control system (ICS) infrastructure, and organizations running Linux-based embedded systems with Adaptec RAID controllers should prioritize understanding this vulnerability. The 'Misinformed' impact assessment from Siemens suggests the actual risk to specific product configurations may differ from the generic CVE description, making vendor-specific guidance essential.
Technical summary
The vulnerability exists in the aacraid SCSI driver probe path. When aac_init_adapter() fails after allocating aac_dev::queues, it frees the memory but leaves the pointer uncleared. The subsequent error handling in aac_probe_one() then attempts to free the same memory again, causing a double-free. A double free is a memory-safety defect in the same family as use-after-free (the second free operates on memory the allocator already owns again), and it can corrupt allocator state, leading to memory corruption, potential denial of service, or in some cases code execution. The vulnerability affects the kernel driver initialization path, so triggering it requires local or physical access during device probe operations.
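The following is an added illustration of the pattern described above, not kernel code or anything from the Siemens or CISA advisories. It models a callee that frees a buffer but leaves the struct member dangling, beside the corrected version that clears the member, and a caller whose error path frees whatever the member still points at. A small tracking allocator counts frees instead of performing them, so the defect is observable without triggering undefined behaviour. The names aac_dev_model, init_adapter_buggy, init_adapter_fixed, probe_one_model and run_probe_scenario are hypothetical stand-ins for the kernel symbols.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tracking allocator (constructed for this example): frees are
 * counted, and real memory is only released by tracker_reset(), so a second
 * free of the same buffer is recorded rather than executed. */
#define MAX_TRACKED 8

struct tracked_alloc { void *ptr; int free_count; };
static struct tracked_alloc g_track[MAX_TRACKED];
static int g_ntrack;

/* Release real memory from a previous scenario and start counting afresh. */
static void tracker_reset(void) {
    for (int i = 0; i < g_ntrack; i++) free(g_track[i].ptr);
    g_ntrack = 0;
}

static void *tracked_alloc(size_t n) {
    if (g_ntrack >= MAX_TRACKED) return NULL;
    void *p = calloc(1, n);
    if (!p) return NULL;
    g_track[g_ntrack].ptr = p;
    g_track[g_ntrack].free_count = 0;
    g_ntrack++;
    return p;
}

/* Count the free; the real release happens in tracker_reset(). */
static void tracked_free(void *p) {
    for (int i = 0; i < g_ntrack; i++)
        if (g_track[i].ptr == p) { g_track[i].free_count++; return; }
}

/* Number of times the most recent allocation has been freed (0 if none). */
static int last_alloc_free_count(void) {
    return g_ntrack ? g_track[g_ntrack - 1].free_count : 0;
}

/* Hypothetical stand-in for the device struct's queues member. */
struct aac_dev_model { void *queues; };

/* Stand-in for an init routine that fails after allocating queues.
 * Buggy variant: frees the buffer but leaves dev->queues pointing at it. */
static int init_adapter_buggy(struct aac_dev_model *dev) {
    dev->queues = tracked_alloc(64);
    if (!dev->queues) return -1;
    /* ... a later initialisation step fails ... */
    tracked_free(dev->queues);
    return -1;
}

/* Fixed variant: clear the member after freeing, so the caller's cleanup
 * sees NULL and does nothing. */
static int init_adapter_fixed(struct aac_dev_model *dev) {
    dev->queues = tracked_alloc(64);
    if (!dev->queues) return -1;
    tracked_free(dev->queues);
    dev->queues = NULL;
    return -1;
}

/* Stand-in for the probe function's error path: on init failure it frees
 * whatever dev->queues still points at. */
static int probe_one_model(struct aac_dev_model *dev,
                           int (*init)(struct aac_dev_model *)) {
    int rc = init(dev);
    if (rc < 0 && dev->queues) {
        tracked_free(dev->queues);
        dev->queues = NULL;
    }
    return rc;
}

/* Runs one probe with the chosen init routine and reports how many times the
 * queues buffer was freed: 2 on the buggy path, 1 on the fixed path. */
int run_probe_scenario(int use_fixed) {
    struct aac_dev_model dev = { NULL };
    tracker_reset();
    probe_one_model(&dev, use_fixed ? init_adapter_fixed : init_adapter_buggy);
    int n = last_alloc_free_count();
    tracker_reset();
    return n;
}

int main(void) {
    printf("buggy init: queues freed %d times\n", run_probe_scenario(0));
    printf("fixed init: queues freed %d times\n", run_probe_scenario(1));
    return 0;
}
```

The design point is the ownership convention: once a callee frees a member it does not own outright, it must leave the member in a state (NULL) that makes the caller's generic cleanup idempotent. Reviewers of error paths in probe-style code can check for exactly this: every kfree() of a struct member on a failure branch should be followed by clearing the member, or the caller's cleanup must be shown to never run for that branch.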
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance
- Verify kernel version and aacraid driver status on affected Siemens devices
- Apply vendor-provided firmware updates when available
- Monitor CISA ICS advisories for additional guidance
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The threat assessment indicates 'Misinformed' impact for affected products. No CVSS score or severity is provided in the source data. The CVE is not listed in CISA KEV.
Official resources
- CVE-2024-46673 CVE record (CVE.org)
- CVE-2024-46673 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)