PatchSiren cyber security CVE debrief
CVE-2024-50234 Siemens CVE debrief
CVE-2024-50234 is a race condition vulnerability in the Linux kernel's iwlegacy wireless driver affecting the Intel iwl4965 device. The flaw occurs when stale interrupts are not cleared before resuming the device from hibernation, creating a race condition between the resume process and restart work. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified this CVE as affecting their RUGGEDCOM RST2428P (6GK6242-6PA00) product, though the CISA advisory marks the impact assessment as 'Misinformed' for the affected product IDs. The vulnerability stems from improper synchronization during device power state transitions, specifically failing to clear pending interrupt status before allowing the resume sequence to proceed. This can lead to unpredictable behavior when the device restart workqueue runs concurrently with the system resume path.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P industrial networking equipment with wireless capabilities, industrial control system operators using Linux-based wireless infrastructure, and security teams responsible for patching kernel-level vulnerabilities in operational technology environments.
Technical summary
The vulnerability exists in the iwlegacy driver (drivers/net/wireless/intel/iwlegacy/) which supports legacy Intel wireless devices including the iwl4965. During system resume from hibernation, the driver fails to clear stale interrupt status registers before re-enabling interrupts. This creates a race window where pending interrupts from the pre-hibernation state may be processed while the device restart workqueue is also executing. The concurrent execution paths can lead to use-after-free conditions, null pointer dereferences, or other memory corruption issues depending on the exact timing. The flaw is triggered specifically during power management state transitions and requires the device to have experienced interrupt activity prior to hibernation.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify kernel version on affected Siemens RUGGEDCOM RST2428P devices and apply vendor-provided updates
- Monitor CISA ICS advisories for updates to ICSA-25-226-07 as the advisory has undergone multiple revisions
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Consider network segmentation for affected wireless infrastructure devices until patches can be applied
Evidence notes
The vulnerability description is sourced from the CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The threat category in the source data is marked as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003, indicating potential uncertainty about actual impact. The CVE was republished by CISA on February 25, 2026 based on updated Siemens advisory information. No CVSS score or severity is available in the source data.
Official resources
-
CVE-2024-50234 CVE record
CVE.org
-
CVE-2024-50234 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12