PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-46854 Siemens CVE debrief

CVE-2024-46854 is a high-severity information disclosure vulnerability in the Linux kernel's DPAA (Data Path Acceleration Architecture) network driver. The flaw occurs when transmitting packets smaller than 60 bytes (ETH_ZLEN): up to three bytes of memory immediately following the packet buffer may be leaked onto the network. This constitutes an out-of-bounds read (CWE-125) that could expose sensitive kernel memory contents to remote observers. The vulnerability was resolved by padding all transmitted packets to the minimum Ethernet frame length of 60 bytes, ensuring no uninitialized memory is transmitted. The issue is reproducible with standard network tools: sending 11-byte ICMP echo requests (ping -s 11) triggers the condition. Siemens has identified this vulnerability as affecting the GNU/Linux subsystem of its SIMATIC S7-1500 TM MFP industrial control product, with no patch currently available as of the source advisory's last update.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled; network administrators managing Linux-based embedded or industrial systems utilizing Freescale/NXP DPAA network acceleration; security teams responsible for OT/ICS environment hardening and vulnerability management; and kernel maintainers for embedded Linux distributions shipping DPAA driver support.

Technical summary

The DPAA (Data Path Acceleration Architecture) network driver in the Linux kernel fails to properly pad Ethernet frames shorter than the minimum 60-byte length (ETH_ZLEN). When transmitting packets under this threshold, the driver transmits up to three bytes of uninitialized or sensitive memory that follows the actual packet data in the buffer. This out-of-bounds read vulnerability (CWE-125) can be triggered by sending small packets, such as 11-byte ICMP payloads, resulting in information disclosure to network observers. The fix extends all transmitted packets to ETH_ZLEN, ensuring padding bytes contain no leaked data.

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor-provided kernel updates when available for affected Siemens SIMATIC S7-1500 TM MFP systems
  • Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
  • Build and execute only applications from trusted sources on affected systems
  • Monitor network traffic for anomalous small packet patterns that may indicate exploitation attempts
  • Implement network segmentation to limit exposure of affected industrial control systems
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
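The following user-space C model is an added illustration for this debrief; it is not code from the page, from the Linux kernel's DPAA driver, or from Siemens. It models the two transmit paths the technical summary describes (submitting a short frame unpadded versus zero-padding it to ETH_ZLEN first) and the padding check a defender could apply to captured short frames, which is the concrete form of the "monitor network traffic" action above. The model assumes a 4-byte DMA fetch granularity (DMA_UNIT) as one way to reproduce the advisory's "up to three bytes" figure; the page does not state the hardware mechanism, so that constant, the buffer size, the 0xAA stale-byte marker and the 53-byte frame length derived from ping -s 11 are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ZLEN 60    /* minimum Ethernet frame length without FCS */
#define DMA_UNIT 4     /* ASSUMPTION of this model: the NIC fetches whole 4-byte
                          units, which yields the "up to three bytes" figure;
                          the advisory gives no mechanism */
#define BUF_SIZE 128   /* constructed size of the simulated TX buffer */
#define STALE 0xAA     /* constructed marker for whatever follows the data */

/* Build the simulated TX buffer: packet bytes followed by stale neighbour data. */
static void fill_tx_buffer(uint8_t *buf, const uint8_t *pkt, size_t len)
{
    memset(buf, STALE, BUF_SIZE);
    memcpy(buf, pkt, len);
}

/* Model of the unpadded path: the driver submits 'len' bytes and leaves
 * padding to the hardware. Under the DMA_UNIT assumption the hardware copies
 * the data rounded up to a whole unit (exposing up to DMA_UNIT-1 stale bytes)
 * and zero-fills the remainder up to ETH_ZLEN. */
static size_t tx_unpadded(const uint8_t *pkt, size_t len, uint8_t *wire)
{
    uint8_t buf[BUF_SIZE];
    size_t fetched, wire_len;

    fill_tx_buffer(buf, pkt, len);
    fetched = (len + DMA_UNIT - 1) / DMA_UNIT * DMA_UNIT;
    wire_len = len < ETH_ZLEN ? ETH_ZLEN : len;
    if (fetched > wire_len)
        fetched = wire_len;
    memset(wire, 0, wire_len);
    memcpy(wire, buf, fetched);  /* bytes len..fetched-1 are the leak */
    return wire_len;
}

/* Model of the fixed path: zero-pad to ETH_ZLEN in software before the buffer
 * is handed over, so every byte on the wire is defined data. */
static size_t tx_padded(const uint8_t *pkt, size_t len, uint8_t *wire)
{
    uint8_t buf[BUF_SIZE];

    fill_tx_buffer(buf, pkt, len);
    if (len < ETH_ZLEN) {
        memset(buf + len, 0, ETH_ZLEN - len);
        len = ETH_ZLEN;
    }
    memcpy(wire, buf, len);
    return len;
}

/* Defender-side check over a captured frame: count non-zero bytes in the
 * padding region after the real payload. Any non-zero byte is the leak
 * pattern. The caller supplies the true payload length, e.g. 14 (Ethernet
 * header) plus the IPv4 total length field. */
static size_t leaked_bytes(const uint8_t *wire, size_t wire_len, size_t payload_len)
{
    size_t n = 0;
    for (size_t i = payload_len; i < wire_len; i++)
        if (wire[i] != 0)
            n++;
    return n;
}

/* The advisory's reproduction scenario: an ICMP echo request with an 11-byte
 * payload is 14 (Ethernet) + 20 (IPv4) + 8 (ICMP) + 11 = 53 bytes before
 * padding. Constructed content; only the length matters for the model. */
#define PING_S11_FRAME_LEN 53

static size_t demo_leak_for_ping_s11(int padded)
{
    uint8_t pkt[PING_S11_FRAME_LEN], wire[BUF_SIZE];
    size_t wire_len;

    memset(pkt, 0x11, sizeof pkt);  /* constructed payload bytes */
    wire_len = padded ? tx_padded(pkt, sizeof pkt, wire)
                      : tx_unpadded(pkt, sizeof pkt, wire);
    return leaked_bytes(wire, wire_len, sizeof pkt);
}

int main(void)
{
    printf("unpadded: %zu stale byte(s) on the wire\n", demo_leak_for_ping_s11(0));
    printf("padded:   %zu stale byte(s) on the wire\n", demo_leak_for_ping_s11(1));
    return 0;
}
```

Run against the 53-byte model frame, the unpadded path puts three stale bytes on the wire (positions 53 to 55) while the padded path puts none. The leaked_bytes() check is the same arithmetic an analyst would apply to a capture: take frames of exactly 60 bytes, derive the real payload length from the IP header, and flag any non-zero byte beyond it; a clean driver produces all-zero padding, so a non-zero tail on short frames from a DPAA host is the signal worth investigating.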

Evidence notes

The vulnerability description and remediation status are derived from CISA CSAF advisory ICSA-24-102-01 and Siemens security advisory SSA-265688. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) indicates a local attack vector with high impact to confidentiality and availability. The source advisory explicitly states 'Currently no fix is available' for the affected Siemens product.

Official resources

2024-04-09