PatchSiren cyber security CVE debrief
CVE-2024-50210 Siemens CVE debrief
A vulnerability in the Linux kernel's POSIX clock subsystem could allow a local attacker to cause a denial of service through unbalanced locking in the pc_clock_settime() function. The flaw occurs when get_clock_desc() successfully acquires a read lock on clk->rwsem and increments a file descriptor reference count, but subsequent error paths fail to release these resources. This results in lock imbalance and file descriptor reference count leaks, potentially leading to resource exhaustion or system instability. The vulnerability affects Siemens SIMATIC S7-1500 TM MFP industrial control systems that utilize the GNU/Linux subsystem. The issue was resolved by reordering validation checks to occur before lock acquisition, ensuring that error paths do not leave resources held.
- Vendor: Siemens
- Product: SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Industrial control system operators, OT security teams, and organizations deploying Siemens SIMATIC S7-1500 TM MFP controllers with GNU/Linux subsystems should prioritize this vulnerability. The affected systems are commonly used in manufacturing and critical infrastructure environments where availability is paramount. System administrators responsible for embedded Linux environments and kernel maintenance should also monitor for similar posix-clock subsystem issues.
Technical summary
The pc_clock_settime() function in the Linux kernel's POSIX clock subsystem contains an unbalanced locking vulnerability. When get_clock_desc() succeeds, it acquires the clk->rwsem read lock and increments a file descriptor reference via fget(). However, certain error paths fail to release these resources, resulting in lock imbalance and reference count leaks. The vulnerability specifically manifests when timespec64_valid_strict() validation fails after lock acquisition. The remediation reorders validation to occur before get_clock_desc(), ensuring that error paths cannot leave resources in an inconsistent state. This is classified as CWE-667 (Improper Locking) with a CVSS 3.1 score of 5.5 (MEDIUM); exploitation requires local access with low privileges.
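The ordering problem described above, as an added user-space model that is not the kernel's code or part of the advisory: it contrasts validating after acquisition with validating before it and counts what stays held. All model_* names, both settime_* functions, held_after() and the sample timespec values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model (assumption, not kernel source); model_* names are simplified stand-ins. */
struct model_clock { int rwsem_readers; int file_refs; };  /* clk->rwsem readers, fget() refs */
struct model_ts { long long tv_sec; long tv_nsec; };       /* stand-in for timespec64 */

static bool model_ts_valid(const struct model_ts *ts)      /* ~ timespec64_valid_strict() */
{
    return ts->tv_sec >= 0 && ts->tv_nsec >= 0 && ts->tv_nsec < 1000000000L;
}

static void model_get_desc(struct model_clock *c) { c->file_refs++; c->rwsem_readers++; }  /* always succeeds here */
static void model_put_desc(struct model_clock *c) { c->rwsem_readers--; c->file_refs--; }

/* Ordering before the fix: validation runs after acquisition. */
int settime_unbalanced(struct model_clock *c, const struct model_ts *ts)
{
    model_get_desc(c);
    if (!model_ts_valid(ts))
        return -EINVAL;      /* returns with lock and reference still held */
    model_put_desc(c);       /* the clock update itself is omitted */
    return 0;
}

/* Ordering after the fix: validation runs before acquisition. */
int settime_balanced(struct model_clock *c, const struct model_ts *ts)
{
    if (!model_ts_valid(ts))
        return -EINVAL;      /* nothing acquired yet, nothing to release */
    model_get_desc(c);
    model_put_desc(c);
    return 0;
}

/* Resources still held after one call with tv_sec = 0 and the given tv_nsec. */
int held_after(bool fixed, long nsec)
{
    struct model_clock c = {0, 0};
    struct model_ts ts = {0, nsec};   /* constructed sample input */
    (fixed ? settime_balanced : settime_unbalanced)(&c, &ts);
    return c.rwsem_readers + c.file_refs;
}

int main(void)
{
    printf("held after bad tv_nsec: pre-fix %d, post-fix %d\n", held_after(false, 2000000000L), held_after(true, 2000000000L));
    return 0;
}
```

A patch review or static check for this class of bug looks for any return between an acquire and its matching release, which is the pattern the pre-fix function models.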
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided kernel updates for affected Siemens SIMATIC S7-1500 TM MFP systems when available
- Restrict interactive shell access to the GNU/Linux subsystem to trusted personnel only
- Implement application whitelisting to ensure only trusted applications are built and executed on affected systems
- Monitor for anomalous resource consumption patterns that may indicate exploitation attempts
- Review and implement CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description indicates this is a Linux kernel posix-clock subsystem issue involving unbalanced locking in pc_clock_settime(). The flaw was introduced when error paths failed to release locks and file descriptor references acquired by get_clock_desc(). The fix reorders timespec64_valid_strict() validation to occur before get_clock_desc() to prevent the unbalanced state. Siemens has confirmed this affects the GNU/Linux subsystem of SIMATIC S7-1500 TM MFP industrial controllers. CISA published advisory ICSA-24-102-01 on 2024-04-09 with this CVE included in later revisions (Additional Release 6 on 2025-06-10).
Official resources
- CVE-2024-50210 CVE record (CVE.org)
- CVE-2024-50210 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09