PatchSiren cyber security CVE debrief
CVE-2024-49867 Siemens CVE debrief
This CVE describes a race condition in the Linux kernel's Btrfs filesystem: during unmount, close_ctree() stops the cleaner kthread before waiting for outstanding fixup workers to finish, so work those workers hand off to the cleaner can be left unprocessed. According to the stored source data, the CVE was published on 2025-08-12 and last modified on 2026-02-25. Siemens ProductCERT issued advisory SSA-355557 covering this vulnerability in third-party components used within SINEC OS, affecting industrial networking products including the RUGGEDCOM RST2428P and SCALANCE X-family switches; CISA republished it as ICSA-25-226-07. Notably, the source advisory's threat entries for the affected product IDs carry the label 'Misinformed', which suggests either that the upstream issue is not exploitable in the Siemens product context or that the vendor's impact assessment differs from the upstream kernel one; confirm this against the advisory text itself before deprioritising. No CVSS score is available in the source data.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
System administrators managing Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family devices; security teams responsible for industrial control system infrastructure; organizations utilizing SINEC OS-based products with Btrfs filesystem support.
Technical summary
CVE-2024-49867 is a race condition in the Linux kernel's Btrfs filesystem. The unmount path, close_ctree(), runs delayed iputs, stops the cleaner kthread, and only then waits for outstanding fixup workers. Because those workers can themselves queue further delayed iputs, and the cleaner kthread is the actor that runs them, anything queued after the cleaner has exited is never processed and the teardown is left incomplete. The upstream fix reorders the teardown so that close_ctree() waits for the fixup workers before stopping the cleaner kthread. The vulnerability is relevant to Siemens industrial networking products running SINEC OS that incorporate the affected kernel. Siemens, however, labels the impact 'Misinformed' in its advisory, indicating the issue may not be exploitable in their specific product configuration or that the risk differs from the upstream kernel issue.
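The teardown ordering described above, as an added sequential model written for this debrief. It is not kernel code and not Siemens' or the advisory's material: the names close_ctree, wait_for_fixup_workers, add_delayed_iput, stop_cleaner, fs_info and umount_result mirror the kernel's for readability but are simplifications, the inode numbers are constructed, and the "wakeups after stop" counter is this model's own measure rather than a claim about what the real kernel does in that case. The point it makes concrete is that the same work, done in the two possible orders, either completes or strands the delayed iputs.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_IPUTS 16

/* Per-filesystem state relevant to the teardown ordering (model only). */
struct fs_info {
    int delayed_iputs[MAX_IPUTS]; /* inode numbers queued for a delayed iput */
    int n_delayed;
    int iputs_run;                /* delayed iputs the cleaner has completed */
    bool cleaner_running;
    int wakes_after_stop;         /* wakeups aimed at an already-stopped cleaner */
    int pending_fixup_jobs;       /* fixup workers still to finish */
};

struct umount_result {
    int leftover_iputs;   /* queued but never run: incomplete teardown */
    int iputs_run;
    int wakes_after_stop;
};

/* Model of btrfs_run_delayed_iputs(): the cleaner drains the queue. */
static void cleaner_run_delayed_iputs(struct fs_info *fs)
{
    fs->iputs_run += fs->n_delayed;
    fs->n_delayed = 0;
}

/* Waking a running cleaner makes it drain; a stopped kthread cannot be woken. */
static void wake_cleaner(struct fs_info *fs)
{
    if (fs->cleaner_running)
        cleaner_run_delayed_iputs(fs);
    else
        fs->wakes_after_stop++;
}

/* Model of btrfs_add_delayed_iput(): queue the inode and poke the cleaner. */
static void add_delayed_iput(struct fs_info *fs, int ino)
{
    if (fs->n_delayed < MAX_IPUTS)
        fs->delayed_iputs[fs->n_delayed++] = ino;
    wake_cleaner(fs);
}

/* Model of the fixup workers: each finishes by queuing a delayed iput. */
static void wait_for_fixup_workers(struct fs_info *fs)
{
    int ino = 1000; /* constructed inode numbers, arbitrary */
    while (fs->pending_fixup_jobs > 0) {
        fs->pending_fixup_jobs--;
        add_delayed_iput(fs, ino++);
    }
}

/* Model of kthread_stop(cleaner): one final drain, then the cleaner is gone. */
static void stop_cleaner(struct fs_info *fs)
{
    cleaner_run_delayed_iputs(fs);
    fs->cleaner_running = false;
}

/*
 * close_ctree() teardown with a configurable order. With fixup_jobs workers
 * outstanding at unmount, the original order strands their delayed iputs;
 * the reordered teardown lets the cleaner run them before it exits.
 */
static struct umount_result close_ctree(int fixup_jobs,
                                        bool wait_workers_before_stop)
{
    struct fs_info fs = {
        .cleaner_running = true,
        .pending_fixup_jobs = fixup_jobs,
    };
    cleaner_run_delayed_iputs(&fs);       /* step 1: run delayed iputs */
    if (wait_workers_before_stop) {
        wait_for_fixup_workers(&fs);      /* fixed order: workers first */
        stop_cleaner(&fs);
    } else {
        stop_cleaner(&fs);                /* original order: cleaner first */
        wait_for_fixup_workers(&fs);      /* too late: cleaner already gone */
    }
    return (struct umount_result){
        .leftover_iputs = fs.n_delayed,
        .iputs_run = fs.iputs_run,
        .wakes_after_stop = fs.wakes_after_stop,
    };
}

int main(void)
{
    struct umount_result bad = close_ctree(3, false);
    struct umount_result good = close_ctree(3, true);
    printf("original order: %d iputs run, %d stranded, %d wakeups after stop\n",
           bad.iputs_run, bad.leftover_iputs, bad.wakes_after_stop);
    printf("fixed order:    %d iputs run, %d stranded, %d wakeups after stop\n",
           good.iputs_run, good.leftover_iputs, good.wakes_after_stop);
    return 0;
}
```

Build with `cc -std=c99 model.c`. The `wait_workers_before_stop` flag is the only difference between the two runs and corresponds to the reordering in the upstream fix; the model deliberately has no threads, because the defect is a teardown-sequence error rather than a timing-sensitive data race, and a deterministic sequence shows it unambiguously.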
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for specific product impact assessments and patch availability
- Verify Btrfs filesystem usage on affected Siemens industrial networking equipment
- Apply vendor-provided firmware updates for SINEC OS-based products when available
- Monitor CISA ICS advisories for additional guidance on industrial control system protections
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates a synchronization issue during Btrfs unmount operations. The Siemens CSAF advisory (SSA-355557) and CISA republication (ICSA-25-226-07) list affected products but mark the impact as 'Misinformed' in the threats section for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory was updated multiple times, with the most recent revision on 2026-02-25 clarifying affected configurations and removing rejected CVEs.
Official resources
- CVE-2024-49867 CVE record (CVE.org)
- CVE-2024-49867 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12