PatchSiren cyber security CVE debrief
CVE-2024-47707 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the Linux kernel's IPv6 routing subsystem within the rt6_uncached_list_flush_dev() function. The vulnerability stems from a missing NULL check that was inadvertently removed by a previous commit, potentially allowing a local attacker to trigger a denial of service condition. The vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems through their GNU/Linux subsystem.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SIMATIC S7-1500 TM MFP industrial control systems with the GNU/Linux subsystem enabled should prioritize this vulnerability. System administrators responsible for OT/ICS environments, security teams managing industrial networks, and personnel with interactive shell access to affected devices should be aware of this issue. The vulnerability is particularly relevant for environments where multiple users or applications have access to the Linux subsystem on these industrial controllers.
Technical summary
The vulnerability exists in the rt6_uncached_list_flush_dev() function in the Linux kernel's IPv6 implementation. This function is responsible for flushing uncached IPv6 routing entries associated with a network device when that device is being removed or reconfigured. A previous commit removed a necessary NULL pointer check, creating conditions where a NULL dereference can occur. This is classified as CWE-476 (NULL Pointer Dereference). The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact through denial of service. No confidentiality or integrity impacts are associated with this vulnerability.
Defensive priority
medium
Recommended defensive actions
- Limit access to the interactive shell of the GNU/Linux subsystem to trusted personnel only
- Only build and run applications from trusted sources
- Monitor for availability impacts on affected systems
- Apply vendor patches when released by Siemens
- Review network segmentation to limit exposure of affected industrial control systems
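One way to act on the monitoring recommendation: the added example below (not from Siemens, the advisory, or this site) scans kernel log text for NULL-pointer-dereference oopses whose trace names rt6_uncached_list_flush_dev(). The log lines are constructed, and the 40-line window, the helper name find_matching_oopses and the example_driver_poll symbol are assumptions of this example.

```python
import re

# Function named in the advisory; seeing it in an oops trace ties the crash to this CVE.
TARGET_SYMBOL = "rt6_uncached_list_flush_dev"
# Headline wording shared by x86 ("BUG: kernel NULL pointer dereference") and
# arm/arm64 ("Unable to handle kernel NULL pointer dereference") oops reports.
OOPS_START = re.compile(r"kernel NULL pointer dereference", re.IGNORECASE)
# Symbol+offset/size as printed on RIP/pc lines and in call traces.
SYMBOL_REF = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
WINDOW = 40  # assumption: lines after the headline still belonging to one oops

# Constructed sample (offsets, timestamps and example_driver_poll are made up).
SAMPLE_LOG = """\
[  812.104511] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.104530] #PF: supervisor read access in kernel mode
[  812.104561] Oops: 0000 [#1] SMP
[  812.104590] RIP: 0010:rt6_uncached_list_flush_dev+0x5e/0x1a0
[  812.104640] Call Trace:
[  812.104655]  rt6_disable_ip+0x2c/0x310
[  812.104670]  addrconf_ifdown+0x4a/0x7e0
[  900.000100] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  900.000140] RIP: 0010:example_driver_poll+0x12/0x80
""".splitlines()


def find_matching_oopses(lines, symbol=TARGET_SYMBOL, window=WINDOW):
    """Return one record per NULL-deref oops whose trace mentions `symbol`."""
    hits = []
    for i, line in enumerate(lines):
        if not OOPS_START.search(line):
            continue
        block = lines[i + 1 : i + 1 + window]
        # Cut at the next oops headline so two separate crashes are not merged.
        for j, later in enumerate(block):
            if OOPS_START.search(later):
                block = block[:j]
                break
        symbols = [m.group(1) for l in block for m in SYMBOL_REF.finditer(l)]
        if symbol in symbols:
            hits.append({"line": i + 1, "headline": line.strip(),
                         "first_symbol": symbols[0]})
    return hits


if __name__ == "__main__":
    for hit in find_matching_oopses(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['headline']} (at {hit['first_symbol']})")
```

Feed it the lines of a saved kernel log (for example the output of dmesg or a serial console capture); an unrelated NULL dereference, like the second one in the sample, is not reported.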
Evidence notes
The vulnerability description indicates this is a regression bug where a necessary NULL check was removed by a previous commit in the Linux kernel IPv6 routing code. The rt6_uncached_list_flush_dev() function is part of the IPv6 uncached route handling, which manages temporary routing entries that are not stored in the main routing cache.
Official resources
- CVE-2024-47707 CVE record (CVE.org)
- CVE-2024-47707 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-04-09