PatchSiren cyber security CVE debrief
CVE-2024-50044 Siemens CVE debrief
CVE-2024-50044 describes a possible deadlock condition in the Linux kernel's Bluetooth RFCOMM subsystem. The vulnerability exists because `rfcomm_sk_state_change` attempts to acquire `sock_lock`, but must never be called with that lock already held. However, `rfcomm_sock_ioctl` always attempts to lock `sock_lock` before calling `rfcomm_sk_state_change`, creating a potential deadlock scenario. This is a classic locking order violation that could cause system hangs or denial of service conditions in Bluetooth RFCOMM socket operations. The issue has been resolved in the Linux kernel.
Siemens has assessed this CVE as 'Misinformed' for their affected product lines (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family), indicating the vulnerability does not actually affect these products as initially reported.
The CVE was published on 2025-08-12 and last modified on 2026-02-25, with CISA republishing updates based on Siemens ProductCERT advisory SSA-355557.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: LOW 3.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations running Linux systems with Bluetooth RFCOMM functionality should verify their kernel versions. Operators of Siemens RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH series industrial Ethernet switches can disregard this CVE for their specific products based on Siemens' assessment, though general security hygiene practices remain recommended.
Technical summary
This CVE addresses a locking issue in the Linux kernel's Bluetooth RFCOMM (Radio Frequency Communication) protocol implementation. The function `rfcomm_sk_state_change` requires `sock_lock` to be unlocked when called, but `rfcomm_sock_ioctl` holds this lock before invoking the state change function. This creates a potential deadlock where the kernel could hang waiting for a lock it already holds. The vulnerability is classified as 'Misinformed' for Siemens industrial networking products, meaning the initial reports of impact were incorrect and these products are not actually vulnerable.
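The call pattern described above, as an added user-space model (not kernel code and not the upstream patch): a function that takes a non-recursive lock is invoked by a caller that already holds it. All `model_*` names are hypothetical, and the lock-free caller is an assumed way to remove the violation, not a statement of how the kernel fixed it.

```c
/* User-space model of the call pattern; model_* names are hypothetical. */
#include <errno.h>
#include <stdio.h>

struct model_sock { int lock_held; int state; };

/* Non-recursive lock, single execution context. A second acquire by the holder
 * can never succeed: a kernel thread would sleep forever, the model returns -EDEADLK. */
static int model_lock(struct model_sock *sk)
{
    if (sk->lock_held) return -EDEADLK;
    sk->lock_held = 1;
    return 0;
}
static void model_release(struct model_sock *sk) { sk->lock_held = 0; }

/* Stands in for rfcomm_sk_state_change: acquires the lock itself. */
static int model_state_change(struct model_sock *sk, int new_state)
{
    int err = model_lock(sk);
    if (err) return err;
    sk->state = new_state;
    model_release(sk);
    return 0;
}

/* Pattern from the summary: the ioctl path locks, then calls state change. */
static int model_ioctl_lock_held(struct model_sock *sk, int new_state)
{
    int err = model_lock(sk);
    if (err) return err;
    err = model_state_change(sk, new_state); /* re-acquire: self-deadlock */
    model_release(sk);
    return err;
}

/* Assumed correction: the caller does not hold the lock across the call. */
static int model_ioctl_lock_free(struct model_sock *sk, int new_state)
{
    return model_state_change(sk, new_state);
}

int main(void)
{
    struct model_sock a = {0, 0}, b = {0, 0};
    printf("caller holds lock: %d, caller lock-free: %d\n",
           model_ioctl_lock_held(&a, 1), model_ioctl_lock_free(&b, 1));
    return 0;
}
```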
Defensive priority
low
Recommended defensive actions
- Verify Linux kernel version and apply vendor-provided security patches if running affected Bluetooth RFCOMM implementations
- Review Siemens ProductCERT advisory SSA-355557 for definitive product impact assessment
- For Siemens SCALANCE and RUGGEDCOM products, no action required based on 'Misinformed' classification
- Monitor CISA ICS advisories for any future updates to this assessment
- Apply defense-in-depth practices for industrial control systems per CISA guidance
Evidence notes
The source CISA CSAF advisory ICSA-25-226-07 explicitly marks this CVE with threat category 'impact' and details 'Misinformed' for all listed product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003), indicating Siemens has determined this vulnerability does not actually affect their products. The CVE description from the Linux kernel describes a resolved deadlock condition in Bluetooth RFCOMM socket handling. The advisory revision history shows multiple updates, with the most recent on 2026-02-25 being a 'CISA Republication update based on Siemens ProductCERT SSA-355557 advisory'.
Official resources
- CVE-2024-50044 CVE record (CVE.org)
- CVE-2024-50044 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12