PatchSiren cyber security CVE debrief

CVE-2024-50127 Siemens CVE debrief

A use-after-free vulnerability in the Linux kernel's taprio traffic scheduler (net/sched) allows local attackers to corrupt memory and potentially escalate privileges. The flaw occurs in taprio_change() where the 'admin' pointer can become dangling due to race conditions between schedule switching/removal and pointer updates. The critical section protected by q->current_entry_lock is insufficient to prevent this scenario, which was detected by KASAN. The vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems running the GNU/Linux subsystem.

Vendor: Siemens
Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with GNU/Linux subsystem; Linux kernel maintainers for networking subsystem; OT security teams managing time-sensitive networking (TSN) implementations; organizations using taprio for deterministic Ethernet scheduling in critical infrastructure.

Technical summary

The vulnerability exists in the taprio (Time-Aware Priority Shaper) network scheduler in the Linux kernel. The taprio_change() function manages administrative schedule configurations through an 'admin' pointer. During schedule advancement via advance_sched(), concurrent operations can cause the 'admin' pointer to reference freed memory. The existing locking mechanism (q->current_entry_lock) does not adequately protect against this race condition. The fix replaces rcu_assign_pointer() with rcu_replace_pointer(), which publishes the new pointer and hands back the value it displaced in a single step, so the schedule queued for freeing is the one actually removed from q->admin_sched rather than a copy read earlier that advance_sched() may already have promoted to the operational schedule. This is a classic RCU (Read-Copy-Update) synchronization issue in which the ordering of the pointer update and the grace-period-deferred free opens a window for use-after-free access.
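As an added illustration (not the kernel's code, and not from PatchSiren or Siemens), the following userspace C model replays the interleaving described above: taprio_change() snapshots the admin pointer, advance_sched() promotes that schedule to oper, and then the new schedule is installed. The struct and function names are constructed stand-ins for the kernel's sched_gate_list, taprio_sched, advance_sched() and the two pointer-update primitives; atomic exchange stands in for rcu_replace_pointer() and a plain store for rcu_assign_pointer().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
/* Constructed stand-ins for the kernel's sched_gate_list and taprio_sched. */
struct sched_gate_list { int id; };
struct taprio_model {
    struct sched_gate_list *_Atomic oper_sched;  /* schedule currently in effect */
    struct sched_gate_list *_Atomic admin_sched; /* schedule waiting to take over */
};

/* Models advance_sched() promoting the admin schedule to oper at a cycle boundary. */
static void model_advance_sched(struct taprio_model *q)
{
    struct sched_gate_list *none = NULL;
    struct sched_gate_list *admin = atomic_exchange(&q->admin_sched, none);
    if (admin)
        atomic_store(&q->oper_sched, admin);
}

/* Pre-fix ordering: publish the new schedule, then hand back an 'admin' snapshot
 * read earlier (rcu_assign_pointer() plus a local variable that may be stale). */
static struct sched_gate_list *install_admin_stale(struct taprio_model *q,
        struct sched_gate_list *snapshot, struct sched_gate_list *new_admin)
{
    atomic_store(&q->admin_sched, new_admin);
    return snapshot;
}

/* Fixed ordering: the swap itself yields the current admin_sched value, as
 * rcu_replace_pointer() does, so a schedule promoted in between is never handed back. */
static struct sched_gate_list *install_admin_replace(struct taprio_model *q,
        struct sched_gate_list *new_admin)
{
    return atomic_exchange(&q->admin_sched, new_admin);
}

/* Replays the interleaving from the debrief. Returns true when the pointer handed
 * back for freeing is still referenced as oper_sched (the use-after-free). */
bool frees_live_schedule(bool use_replace)
{
    static struct sched_gate_list old_oper = { 1 }, pending = { 2 }, incoming = { 3 };
    struct taprio_model q;
    atomic_init(&q.oper_sched, &old_oper);
    atomic_init(&q.admin_sched, &pending);
    struct sched_gate_list *snapshot = atomic_load(&q.admin_sched); /* taprio_change() */
    model_advance_sched(&q);                                        /* cycle boundary */
    struct sched_gate_list *to_free = use_replace ? install_admin_replace(&q, &incoming)
                                                  : install_admin_stale(&q, snapshot, &incoming);
    return to_free != NULL && to_free == atomic_load(&q.oper_sched);
}
```

With the stale snapshot the pointer handed back for freeing is the schedule that advance_sched() just made operational; with the replace-and-return form it is NULL, so nothing live is freed.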

Defensive priority

HIGH

Recommended defensive actions

  • Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only
  • Only build and run applications from trusted sources
  • Monitor for vendor security updates as no patch is currently available
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
  • Review network segmentation to limit exposure of affected systems

Evidence notes

CVE published 2024-04-09. CISA ICS advisory ICSA-24-102-01 published same date. Advisory last modified 2026-05-14 with multiple additional releases through September 2025 adding related CVEs. Siemens SSA-265688 provides vendor-specific guidance. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
