PatchSiren cyber security CVE debrief
CVE-2024-50046 Siemens CVE debrief
A NULL-pointer dereference vulnerability exists in the Linux kernel's NFSv4 implementation, specifically within the nfs42_complete_copies() function. This flaw can trigger a kernel crash when files are copied between locations on the same NFS server from an NFS client node. The vulnerability has been resolved in the upstream Linux kernel. Siemens has identified affected products in its industrial networking portfolio and provided vendor fixes. The issue carries a CVSS 3.1 score of 5.5 (MEDIUM severity), indicating localized impact with potential for denial of service through system crashes.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment with NFS client capabilities, particularly in environments where RUGGEDCOM RST2428P or SCALANCE X-series switches function as NFS clients. System administrators maintaining Linux-based industrial systems with NFSv4.2 mounts should also prioritize this fix to prevent unexpected kernel crashes during file copy operations.
Technical summary
The vulnerability resides in nfs42_complete_copies() within the Linux kernel's NFSv4.2 client implementation. When performing copy operations where source and destination reside on the same NFS server, improper pointer handling can result in a NULL-pointer dereference, causing a kernel oops or panic. The flaw is triggered during the completion phase of server-side copy operations (SSC), where the kernel fails to validate pointer state before dereference. This represents a local denial-of-service condition with no confidentiality or integrity impact per the CVSS scoring.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to affected Siemens products: update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
- Monitor for kernel crashes on NFS client nodes performing copy operations to same-server destinations
- Implement network segmentation for industrial control systems to limit NFS traffic exposure
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial networking infrastructure
Evidence notes
CVE published 2025-08-12 per official CVE record. CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative vendor source. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact.
Official resources
-
CVE-2024-50046 CVE record
CVE.org
-
CVE-2024-50046 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12