PatchSiren cyber security CVE debrief
CVE-2024-50006 Siemens CVE debrief
CVE-2024-50006 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's ext4 filesystem, specifically affecting the `ext4_ind_migrate()` function. The issue involves an incorrect unlock order for the `i_data_sem` semaphore, which could lead to a deadlock condition. This vulnerability was resolved in the Linux kernel, and Siemens has identified affected products in their industrial networking equipment lineup. The vulnerability was published on August 12, 2025, with subsequent modifications to the advisory through February 25, 2026, including corrections to affected product lists and clarifications on product family configurations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment, particularly in critical infrastructure environments such as energy, manufacturing, and transportation. System administrators responsible for maintaining RUGGEDCOM and SCALANCE switch firmware should prioritize this update. Security teams monitoring industrial control systems for availability risks should track this vulnerability due to its potential to cause network device hangs. Compliance officers in regulated industries should ensure firmware update procedures address this medium-severity vulnerability within appropriate timeframes.
Technical summary
The vulnerability exists in the Linux kernel's ext4 filesystem implementation, specifically within the `ext4_ind_migrate()` function. The issue is an incorrect unlock order for the `i_data_sem` semaphore, which is used to protect inode data operations during extent-to-indirect block migration. When the semaphore is unlocked in the wrong order, it can result in a deadlock condition, causing system hangs and denial of service. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates this is a local vulnerability requiring low privileges, with high availability impact. Affected Siemens products include RUGGEDCOM RST2428P switches and multiple SCALANCE industrial Ethernet switch families that incorporate the vulnerable Linux kernel version.
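The unlock-order class of bug described above, as an added illustration that is not kernel code and not from this advisory: a toy model in which a synchronous journal-handle stop must wait until every other open handle has closed (the dependency the upstream commit message cites), an rwlock standing in for `i_data_sem`, and a writer that opens a handle first and then needs the semaphore. `migrate_race(false)` stops the handle while still holding the semaphore and times out, modelling the hang; `migrate_race(true)` releases the semaphore first, as the fix does, and completes. The 300 ms timeout, the handle counter and the thread choreography are all assumptions of this model.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <time.h>
/* Toy model, not kernel code: a "journal" whose synchronous stop waits for the
 * "commit", i.e. until no other handle is open, and an rwlock playing i_data_sem. */
static struct { pthread_mutex_t mu; pthread_cond_t cv; int handles; } jnl =
    { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0 };
static pthread_rwlock_t i_data_sem = PTHREAD_RWLOCK_INITIALIZER;
static void journal_start(void) {
    pthread_mutex_lock(&jnl.mu); jnl.handles++;
    pthread_cond_broadcast(&jnl.cv); pthread_mutex_unlock(&jnl.mu);
}
/* Close a handle; if sync, wait up to ms for every other handle to close.
 * Returns false when that wait times out, which stands in for the hang. */
static bool journal_stop(bool sync, int ms) {
    struct timespec ts; int rc = 0;
    clock_gettime(CLOCK_REALTIME, &ts);
    ts.tv_sec += ms / 1000; ts.tv_nsec += (ms % 1000) * 1000000L;
    if (ts.tv_nsec >= 1000000000L) { ts.tv_sec++; ts.tv_nsec -= 1000000000L; }
    pthread_mutex_lock(&jnl.mu); jnl.handles--; pthread_cond_broadcast(&jnl.cv);
    while (sync && jnl.handles > 0 && rc == 0)
        rc = pthread_cond_timedwait(&jnl.cv, &jnl.mu, &ts);
    pthread_mutex_unlock(&jnl.mu);
    return rc != ETIMEDOUT;
}
/* write(2) path in the model: opens a journal handle first, then needs i_data_sem. */
static void *writer(void *arg) {
    (void)arg; journal_start();
    pthread_rwlock_wrlock(&i_data_sem); pthread_rwlock_unlock(&i_data_sem);
    journal_stop(false, 0); return NULL;
}
/* Migration racing a writer. fixed=true releases i_data_sem before the
 * synchronous journal stop, fixed=false after it (the bad order).
 * Returns true when the stop completed, false when it timed out. */
static bool migrate_race(bool fixed) {
    pthread_t t; bool ok;
    journal_start(); pthread_rwlock_wrlock(&i_data_sem);
    pthread_create(&t, NULL, writer, NULL);
    pthread_mutex_lock(&jnl.mu);   /* wait until the writer holds its handle */
    while (jnl.handles < 2) pthread_cond_wait(&jnl.cv, &jnl.mu);
    pthread_mutex_unlock(&jnl.mu);
    if (fixed) { pthread_rwlock_unlock(&i_data_sem); ok = journal_stop(true, 300); }
    else       { ok = journal_stop(true, 300); pthread_rwlock_unlock(&i_data_sem); }
    pthread_join(t, NULL);
    return ok;
}
```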
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates: Update RUGGEDCOM RST2428P (6GK6242-6PA00) and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
- Implement network segmentation for industrial control systems to limit local attack vector exposure
- Monitor for anomalous filesystem operations or system hangs that could indicate deadlock conditions
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description is sourced from the CISA CSAF advisory ICSA-25-226-07, which references the Linux kernel fix for `ext4_ind_migrate()`. Siemens ProductCERT advisory SSA-355557 provides the authoritative vendor remediation guidance. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with low attack complexity, requiring low privileges, with high availability impact but no confidentiality or integrity impact.
Official resources
- CVE-2024-50006 CVE record (CVE.org)
- CVE-2024-50006 NVD detail (NVD)
- Source item: CISA CSAF advisory (cisa_csaf)