PatchSiren cyber security CVE debrief
CVE-2024-50134 Siemens CVE debrief
A field-spanning write error in the Linux kernel's drm/vboxvideo driver, affecting the vbva_mouse_pointer_shape structure, has been resolved. The vulnerability stemmed from a fake variable-length array (VLA) at the end of the structure that triggered memcpy safety checks. The fix replaces this with a proper VLA declaration. Siemens has identified this as affecting the GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP industrial control product. No patch is currently available from the vendor; mitigations focus on restricting access to trusted personnel and ensuring only trusted applications are executed.
- Vendor
- Siemens
- Product
- SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators using Siemens SIMATIC S7-1500 TM MFP with the GNU/Linux subsystem enabled; OT security teams managing manufacturing or process control environments; asset owners responsible for patching Linux-based embedded systems in critical infrastructure
Technical summary
The vulnerability exists in the drm/vboxvideo driver within the Linux kernel, specifically in the vbva_mouse_pointer_shape structure. The original implementation used a fake variable-length array (VLA) at the structure's end, which caused memcpy operations to trigger field-spanning write detection errors. The kernel fix replaces this with a legitimate VLA declaration. The issue affects the GNU/Linux subsystem of Siemens SIMATIC S7-1500 TM MFP industrial controllers. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector requiring low privileges, with high availability impact but no confidentiality or integrity impact. The source notes that the original buffer length calculation appears to be 4 bytes oversized, though this behavior was preserved in the fix.
Defensive priority
medium
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem of affected Siemens SIMATIC S7-1500 TM MFP devices to trusted personnel only
- Ensure only applications from trusted sources are built and executed on affected systems
- Monitor for vendor security advisories from Siemens regarding patch availability for SSA-265688
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- Assess operational technology network segmentation to limit potential local attack vectors
Evidence notes
CVE published 2024-04-09. CISA CSAF advisory ICSA-24-102-01 first published same date, with multiple subsequent releases adding related CVEs through 2025-09-09. Siemens advisory SSA-265688 cross-referenced. CVSS 5.5 (MEDIUM) per source, vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicating local attack vector with low complexity, low privileges required, and high availability impact.
Official resources
-
CVE-2024-50134 CVE record
CVE.org
-
CVE-2024-50134 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public