PatchSiren cyber security CVE debrief
CVE-2024-49879 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the omapdrm (OMAP Direct Rendering Manager) kernel driver. The alloc_ordered_workqueue function may return NULL on failure, but subsequent code may dereference this pointer without validation, leading to a kernel crash. This vulnerability affects the Linux kernel's DRM subsystem for TI OMAP SoCs. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, though the specific impact assessment indicates 'Misinformed' status per the CSAF advisory. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 2026 to correct affected product listings and clarify configuration details.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial switches running SINEC OS. OT security teams managing Linux-based industrial networking infrastructure and kernel maintainers for embedded/ARM systems using OMAP DRM should monitor vendor patches.
Technical summary
The omapdrm driver in the Linux kernel's DRM subsystem contains a vulnerability where alloc_ordered_workqueue() may return NULL on allocation failure, but the return value is not checked before it is dereferenced. This can trigger a NULL pointer dereference and a kernel oops/panic. The vulnerability exists in the TI OMAP display driver code path. Siemens industrial networking products incorporating affected kernel versions are potentially exposed, though the vendor's threat assessment records a 'Misinformed' status, which suggests a discrepancy in the initial impact assessment.
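The following is an added example, not code from the omapdrm driver or from Siemens: it models the defect class described above (an allocation that can return NULL being used without a check) next to the guarded form that fails cleanly with -ENOMEM. The allocator, the private structure, and every function name here (fake_alloc_ordered_workqueue, omap_like_priv, init_unchecked, init_checked) are constructed stand-ins so the code runs in user space with a fault-injection switch that forces the allocation to fail.

```c
/* Added example: models an unchecked alloc_ordered_workqueue() result
 * versus a checked one. Nothing here is the real driver's code; all
 * names are constructed for this illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the kernel's struct workqueue_struct (constructed). */
struct workqueue_struct {
    char name[32];
    int max_active;
};

/* Stand-in for a driver-private struct holding the workqueue pointer. */
struct omap_like_priv {
    struct workqueue_struct *wq;
    int initialized;
};

/* Fault-injection switch: when non-zero the stand-in allocator returns
 * NULL, mimicking alloc_ordered_workqueue() failing under memory pressure. */
static int inject_alloc_failure = 0;

/* Stand-in for alloc_ordered_workqueue(); like the real one, it may return NULL. */
static struct workqueue_struct *fake_alloc_ordered_workqueue(const char *name)
{
    if (inject_alloc_failure)
        return NULL;
    struct workqueue_struct *wq = calloc(1, sizeof(*wq));
    if (!wq)
        return NULL;
    strncpy(wq->name, name, sizeof(wq->name) - 1);
    wq->max_active = 1;
    return wq;
}

static void fake_destroy_workqueue(struct workqueue_struct *wq)
{
    free(wq);
}

/* Vulnerable pattern: the pointer is used immediately with no NULL check.
 * If the allocation failed this dereferences NULL (a kernel oops in the
 * driver). Shown only for contrast; never called with failure injected. */
static int init_unchecked(struct omap_like_priv *priv)
{
    priv->wq = fake_alloc_ordered_workqueue("omapdrm");
    priv->wq->max_active = 1;   /* NULL dereference when allocation failed */
    priv->initialized = 1;
    return 0;
}

/* Hardened pattern: check the result and unwind with -ENOMEM, leaving
 * priv clean so the caller can fail probe gracefully instead of crashing. */
static int init_checked(struct omap_like_priv *priv)
{
    priv->wq = fake_alloc_ordered_workqueue("omapdrm");
    if (!priv->wq) {
        priv->initialized = 0;
        return -ENOMEM;
    }
    priv->wq->max_active = 1;
    priv->initialized = 1;
    return 0;
}

static void teardown(struct omap_like_priv *priv)
{
    if (priv->wq) {
        fake_destroy_workqueue(priv->wq);
        priv->wq = NULL;
    }
    priv->initialized = 0;
}

/* Hardened path with the allocation forced to fail; expected -ENOMEM. */
int run_checked_under_failure(void)
{
    struct omap_like_priv priv = {0};
    inject_alloc_failure = 1;
    int ret = init_checked(&priv);
    inject_alloc_failure = 0;
    teardown(&priv);
    return ret;
}

/* Hardened path with a working allocator; returns 1 on a consistent state. */
int run_checked_success(void)
{
    struct omap_like_priv priv = {0};
    inject_alloc_failure = 0;
    int ok = init_checked(&priv) == 0 && priv.wq != NULL && priv.initialized == 1;
    teardown(&priv);
    return ok && priv.wq == NULL && priv.initialized == 0;
}

/* Unchecked path with a working allocator: behaves identically, which is
 * why the missing check goes unnoticed until an allocation actually fails. */
int run_unchecked_success(void)
{
    struct omap_like_priv priv = {0};
    inject_alloc_failure = 0;
    int ok = init_unchecked(&priv) == 0 && priv.wq != NULL;
    teardown(&priv);
    return ok;
}

int main(void)
{
    printf("checked init under allocation failure: %d (expect %d)\n",
           run_checked_under_failure(), -ENOMEM);
    printf("checked init with working allocator: %d\n", run_checked_success());
    printf("unchecked init with working allocator: %d\n", run_unchecked_success());
    return 0;
}
```

The point of the fault-injection switch is that both paths look identical on a healthy system; only a failed allocation distinguishes the unchecked version, which is why a code review or a static checker that flags unchecked allocator results catches this class before it reaches a device.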
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify SINEC OS version and installed kernel packages against vendor security bulletin
- Apply vendor-provided firmware updates when available per Siemens RUGGEDCOM/SCALANCE product security guidance
- Monitor CISA ICS advisories for additional guidance on industrial control system mitigations
- Implement network segmentation for affected industrial networking equipment per ICS-CERT recommended practices
Evidence notes
The source CSAF advisory (ICSA-25-226-07) from CISA indicates this CVE was included in Siemens ProductCERT advisory SSA-355557 covering third-party components in SINEC OS. The advisory's threat assessment categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The revision history shows multiple updates: initial publication (2025-08-12), corrected product listings (2026-02-12), clarified affected configurations and removed rejected CVEs (2026-02-24), and final CISA republication (2026-02-25).
Official resources
- CVE-2024-49879 CVE record (CVE.org)
- CVE-2024-49879 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12