PatchSiren

CVE-2024-56532 Siemens CVE debrief

CVE-2024-56532 describes a vulnerability in the ALSA us122l driver where snd_card_free() is used at disconnection, which waits for all used file descriptors to close. This can cause extended delays that block upper-layer USB ioctls and potentially trigger a soft lockup. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting their RUGGEDCOM RST2428P (6GK6242-6PA00) product, though the CISA advisory marks the impact assessment as 'Misinformed' for the affected product IDs. The vulnerability originates in the Linux kernel's ALSA subsystem and represents a denial-of-service condition through resource exhaustion during USB audio device disconnection.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations running Linux-based industrial control systems, particularly those using Siemens RUGGEDCOM RST2428P devices or other systems with USB audio connectivity. System administrators maintaining embedded Linux deployments with ALSA sound support should monitor for kernel updates addressing this driver issue.

Technical summary

The ALSA us122l driver in the Linux kernel uses snd_card_free() during USB device disconnection. This function waits for all open file descriptors to close before completing, which can cause significant delays. When these delays occur, they block upper-layer USB ioctl operations, potentially triggering a kernel soft lockup. This represents a local denial-of-service condition that could affect system availability. The vulnerability is particularly relevant for embedded and industrial systems using USB audio interfaces based on the Tascam US-122L hardware.

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT SSA-355557 advisory for current product impact assessment
  • Monitor CISA ICS advisory ICSA-25-226-07 for updates on affected product configurations
  • Apply kernel updates from Linux distribution vendors that address ALSA us122l driver timing issues
  • For affected Siemens RUGGEDCOM RST2428P deployments, follow vendor guidance for patch management
  • Implement defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
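
Before scheduling the kernel update on a general-purpose or embedded Linux host, it helps to know whether that kernel carries the us122l driver at all. The script below is an added example, not code from the advisory, Siemens or the kernel project; its function names are illustrative, and it relies on the mainline names for this driver (config symbol CONFIG_SND_USB_US122L, module snd_usb_us122l) with constructed sample input.

```shell
#!/bin/sh
# Added example: classify a host's exposure to the ALSA us122l driver.
# Function names are illustrative, not part of any existing tool.

# Print y, m, n or unknown for CONFIG_SND_USB_US122L in config file $1.
us122l_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case $1 in
        *.gz) reader='gzip -dc' ;;   # e.g. /proc/config.gz
        *)    reader='cat' ;;
    esac
    val=$($reader "$1" | sed -n 's/^CONFIG_SND_USB_US122L=//p' | tail -n 1)
    case $val in
        y|m) echo "$val" ;;
        *)   echo n ;;               # "is not set" or symbol missing
    esac
}

# Succeed when the module appears in a /proc/modules-style file $1.
us122l_loaded() {
    [ -r "$1" ] && grep -q '^snd_usb_us122l ' "$1"
}

# Classify a host from its kernel config ($1) and module list ($2).
us122l_exposure() {
    state=$(us122l_config_state "$1")
    if us122l_loaded "$2"; then echo loaded
    elif [ "$state" = y ]; then echo builtin      # never listed in /proc/modules
    elif [ "$state" = m ]; then echo available    # on disk, not loaded
    elif [ "$state" = unknown ]; then echo unknown
    else echo absent
    fi
}

# Constructed sample inputs (not taken from a real device).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'CONFIG_SND_USB_AUDIO=m\nCONFIG_SND_USB_US122L=m\n' > "$demo/config"
printf 'snd_usb_us122l 16384 0 - Live 0x0000000000000000\n' > "$demo/modules"
printf '# CONFIG_SND_USB_US122L is not set\n' > "$demo/config.off"
: > "$demo/modules.empty"
echo "sample A: $(us122l_exposure "$demo/config" "$demo/modules")"
echo "sample B: $(us122l_exposure "$demo/config.off" "$demo/modules.empty")"
```

On a live host the two arguments would typically be /boot/config-$(uname -r) (or /proc/config.gz) and /proc/modules. A result of absent means the driver is not built for that kernel, so the disconnect path described in the technical summary is not present there.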

Evidence notes

The vulnerability description indicates a soft lockup condition in the ALSA us122l driver during USB disconnection. Siemens ProductCERT SSA-355557 advisory and CISA ICSA-25-226-07 provide the authoritative product impact assessment. The CISA advisory revision history shows multiple updates through 2026-02-25, with the latest republication based on the Siemens advisory. The threat category is marked as 'Misinformed' for affected products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003 in the source data.
