PatchSiren cyber security CVE debrief
CVE-2024-50151 Siemens CVE debrief
A slab-out-of-bounds write vulnerability exists in the Linux kernel's SMB client (CIFS) when handling encrypted SMB2 IOCTL requests. The flaw occurs in smb2_set_next_command() during request buffer consolidation for encryption. SMB2_ioctl_init() allocates a 448-byte buffer for the SMB2_IOCTL request; when a user provides an input buffer exceeding 328 bytes, the subsequent buffer squashing operation writes past the allocated memory boundary. This vulnerability is triggered when using SMB encryption, either server-enforced or via the 'seal' mount option. The KASAN-detected write of 4,116 bytes demonstrates significant memory corruption potential. Siemens has confirmed this affects the GNU/Linux subsystem of SIMATIC S7-1500 TM MFP industrial control devices, with no patch currently available.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations running Siemens SIMATIC S7-1500 TM MFP with the GNU/Linux subsystem enabled, particularly those using SMB/CIFS mounts with encryption. Industrial operators with CIFS-dependent workflows and limited patch availability should prioritize access controls.
Technical summary
The vulnerability stems from insufficient buffer size validation in the SMB2 client implementation. SMB2_ioctl_init() allocates a 448-byte request buffer, and when smb2_set_next_command() consolidates the request buffers for encryption, an input buffer larger than 328 bytes causes a write beyond the allocated slab object. The KASAN report shows a 4,116-byte write triggering the out-of-bounds access. The flaw is reachable by local attackers with low privileges who can mount SMB shares with encryption enabled.
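The following C example is added to illustrate the bug class described above; it is not the Linux kernel's code and not anything from Siemens. It models a fixed 448-byte request buffer and a caller-supplied input that must fit after a fixed part, using the two figures on this page (448 and 328). The 120-byte fixed part is derived from those two numbers (448 - 328) and is an assumption of the model, as are the struct layout and all function names. The hardened builder checks the size before copying and falls back to a heap buffer sized for the payload instead of overrunning the inline allocation; ioctl_req_overrun() only computes how far an unchecked copy would have gone past the buffer, without performing any write.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Figures taken from the advisory: a 448-byte request buffer that is overrun
 * once the caller's input exceeds 328 bytes. The 120-byte fixed part is
 * derived from those two numbers (448 - 328); it is not stated on the page. */
#define IOCTL_REQ_BUF_SIZE   448u
#define IOCTL_MAX_INLINE_IN  328u
#define IOCTL_FIXED_PART     (IOCTL_REQ_BUF_SIZE - IOCTL_MAX_INLINE_IN)

enum ioctl_build_status { IOCTL_OK = 0, IOCTL_ENOMEM = -1, IOCTL_EINVAL = -2 };

/* Hypothetical request object; this is not the kernel's own structure. */
struct ioctl_req {
    uint8_t  inline_buf[IOCTL_REQ_BUF_SIZE]; /* the fixed 448-byte allocation */
    uint8_t *buf;       /* points at inline_buf or at a larger heap buffer */
    size_t   buf_size;  /* capacity of buf in bytes */
    size_t   total_len; /* fixed part + input actually placed in buf */
};

/* How far an unchecked "fixed part + input" copy would run past the
 * 448-byte buffer. Zero means the input fits. Pure arithmetic, no write. */
size_t ioctl_req_overrun(size_t indatalen)
{
    size_t needed = IOCTL_FIXED_PART + indatalen;
    return needed > IOCTL_REQ_BUF_SIZE ? needed - IOCTL_REQ_BUF_SIZE : 0;
}

/* Hardened builder: the size check happens before any byte is copied.
 * Oversized input gets a heap buffer sized for it instead of an overrun. */
int ioctl_req_init(struct ioctl_req *req, const uint8_t *indata, size_t indatalen)
{
    size_t needed;

    if (req == NULL || (indata == NULL && indatalen != 0))
        return IOCTL_EINVAL;
    if (indatalen > SIZE_MAX - IOCTL_FIXED_PART)   /* guard the addition itself */
        return IOCTL_EINVAL;

    needed = IOCTL_FIXED_PART + indatalen;
    if (needed <= IOCTL_REQ_BUF_SIZE) {
        req->buf = req->inline_buf;
        req->buf_size = IOCTL_REQ_BUF_SIZE;
    } else {
        req->buf = malloc(needed);
        if (req->buf == NULL)
            return IOCTL_ENOMEM;
        req->buf_size = needed;
    }

    /* The fixed part is modelled as zeroed header space, then the payload. */
    memset(req->buf, 0, IOCTL_FIXED_PART);
    if (indatalen != 0)
        memcpy(req->buf + IOCTL_FIXED_PART, indata, indatalen);
    req->total_len = needed;
    return IOCTL_OK;
}

/* True when the request used its own inline allocation (no heap buffer). */
int ioctl_req_is_inline(const struct ioctl_req *req)
{
    return req->buf == req->inline_buf;
}

void ioctl_req_release(struct ioctl_req *req)
{
    if (req->buf != req->inline_buf)
        free(req->buf);
    req->buf = NULL;
    req->buf_size = 0;
    req->total_len = 0;
}

/* Constructed inputs: one payload at the 328-byte limit, one well past it. */
int main(void)
{
    static uint8_t small[IOCTL_MAX_INLINE_IN];
    static uint8_t large[1000];
    struct ioctl_req req;

    memset(small, 0xAA, sizeof small);
    memset(large, 0xBB, sizeof large);

    printf("unchecked overrun for %zu bytes: %zu\n", sizeof small, ioctl_req_overrun(sizeof small));
    printf("unchecked overrun for %zu bytes: %zu\n", sizeof large, ioctl_req_overrun(sizeof large));

    if (ioctl_req_init(&req, small, sizeof small) == IOCTL_OK) {
        printf("328-byte input: inline=%d total=%zu\n", ioctl_req_is_inline(&req), req.total_len);
        ioctl_req_release(&req);
    }
    if (ioctl_req_init(&req, large, sizeof large) == IOCTL_OK) {
        printf("1000-byte input: inline=%d total=%zu\n", ioctl_req_is_inline(&req), req.total_len);
        ioctl_req_release(&req);
    }
    return 0;
}
```

The point of the model is the ordering: the capacity check and the choice of destination buffer happen before the copy, so a payload of any size either fits or gets its own allocation. When reviewing similar request builders, look for the same property: the size of the caller-controlled part must be compared against the remaining capacity of the preallocated object, not assumed from the protocol's typical message sizes.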
Defensive priority
HIGH
Recommended defensive actions
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Build and run only applications from trusted sources
- Monitor for anomalous SMB client activity on affected systems
- Apply kernel updates from Siemens when available
- Consider network segmentation to limit SMB exposure for affected industrial devices
Evidence notes
The vulnerability was resolved in the Linux kernel per the CVE description. CISA's ICS advisory ICSA-24-102-01 (published 2024-04-09, last modified 2026-05-14) tracks this issue for Siemens industrial products. The advisory's remediation section explicitly states 'Currently no fix is available' for the affected product.
Official resources
- CVE-2024-50151 CVE record (CVE.org)
- CVE-2024-50151 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference: Reference
2024-04-09