PatchSiren cyber security CVE debrief
CVE-2024-46840 Siemens CVE debrief
CVE-2024-46840 addresses improper error handling in the Linux kernel's Btrfs filesystem, specifically during snapshot deletion operations. The vulnerability stems from multiple instances where BUG_ON(refs == 0) assertions were used without adequate locking or corruption validation, potentially causing system crashes or inconsistent state. The fix converts these fatal assertions to proper error returns (-EUCLEAN for corruption cases), improving resilience against extent tree corruption and race conditions. Siemens has identified this as affecting certain industrial networking products running SINEC OS that incorporate the vulnerable kernel component.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment (SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, RUGGEDCOM RST2428P) running SINEC OS should monitor for vendor patches. System administrators managing Btrfs-based systems should ensure kernel updates incorporate this fix. Industrial control system operators should follow CISA guidance for defense-in-depth security practices.
Technical summary
The Btrfs filesystem in the Linux kernel contained multiple locations in snapshot deletion code paths where BUG_ON(refs == 0) assertions could trigger system crashes. In reada(), the lack of extent leaf locking created potential for transient incorrect reference counts. In walk_down_proc() and walk_up_proc(), these assertions could fire due to extent tree corruption. The remediation converts these fatal assertions to proper error handling: returning -EUCLEAN for corruption-detected cases and correcting do_walk_down() to return -EUCLEAN rather than -EIO when reference count anomalies are detected. This improves system stability and provides more appropriate error signaling for filesystem integrity issues.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify kernel/Btrfs component versions in SINEC OS deployments against vendor security guidance
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Apply vendor-provided firmware updates when available for affected SCALANCE and RUGGEDCOM products
- Implement defense-in-depth controls per CISA ICS recommended practices for industrial control systems
Evidence notes
Per CISA ICS advisory ICSA-25-226-07 (2025-08-12), this CVE was initially published with affected product listings that were subsequently corrected. The 2026-02-25 revision reflects CISA republication based on Siemens ProductCERT SSA-355557. The source advisory explicitly marks impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. No CVSS score or severity rating is present in the source corpus. The vulnerability description indicates this is a code quality/defensive programming fix in Btrfs snapshot deletion error paths, converting BUG_ON assertions to proper error handling.
Official resources
-
CVE-2024-46840 CVE record
CVE.org
-
CVE-2024-46840 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12