PatchSiren cyber security CVE debrief
CVE-2024-56593 Siemens CVE debrief
CVE-2024-56593 is a NULL pointer dereference vulnerability in the Linux kernel's brcmfmac Wi-Fi driver, specifically within the `brcmf_sdiod_sglist_rw()` function. The flaw manifests when a high `sd_sgentry_align` value (e.g., 512) is configured and numerous queued SKBs (socket buffers) are transmitted from the packet queue, potentially causing a kernel oops (crash). The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens ProductCERT issued advisory SSA-355557 addressing this issue in their SINEC OS and related industrial networking products. CISA republished this advisory as ICSA-25-226-07. Notably, the CISA CSAF source marks the impact assessment for affected Siemens products as 'Misinformed,' indicating potential discrepancies in initial severity or applicability assessments. The vulnerability affects Siemens industrial networking equipment including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. No CVSS score is currently available in the source data.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure with Wi-Fi capabilities, particularly RUGGEDCOM RST2428P and SCALANCE XC/XR series devices. OT security teams managing SINEC OS deployments and Linux-based industrial gateways using Broadcom FullMAC Wi-Fi chipsets should prioritize patch verification.
Technical summary
The vulnerability exists in the brcmfmac driver's SDIO scatter-gather list read/write function. When `sd_sgentry_align` is set to high values (512 bytes) and the packet queue contains many queued SKBs, the driver may dereference a NULL pointer during scatter-gather operations, resulting in a kernel oops. This is a memory safety defect in kernel-space Wi-Fi driver code handling DMA-aligned buffer operations. The flaw is triggered under specific memory pressure and alignment conditions during high-volume packet transmission scenarios.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific patch availability and version information
- Verify SINEC OS and brcmfmac driver versions on affected Siemens RUGGEDCOM and SCALANCE devices
- Apply kernel updates or vendor-provided patches that address the NULL pointer dereference in `brcmf_sdiod_sglist_rw()`
- Monitor CISA ICS advisories for updates to ICSA-25-226-07 regarding corrected impact assessments
- Implement network segmentation for industrial Wi-Fi deployments to limit exposure of vulnerable brcmfmac-dependent systems
- Consult Siemens support for guidance on `sd_sgentry_align` configuration mitigations if immediate patching is not feasible
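To check whether a Linux host has already hit the kernel oops described in the technical summary, the following added example (not code from the advisory, Siemens, or this site) scans kernel log lines for NULL pointer dereference reports that involve `brcmf_sdiod_sglist_rw`. It assumes the standard x86 and arm64 oops header and PC line formats; the 40-line window and the sample log are constructed for illustration.

```python
import re

# Function named in the advisory; the header and PC patterns are the usual
# Linux oops formats on x86 ("BUG: ...", "RIP:") and arm64 ("Unable to ...", "pc :").
TARGET = "brcmf_sdiod_sglist_rw"
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference|"
                        r"Unable to handle kernel NULL pointer dereference")
FAULT_PC = re.compile(r"\b(?:RIP: [0-9a-f]+:|pc : )(\w+)\+0x")
FRAME = re.compile(r"\b(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")
WINDOW = 40  # assumption: one oops report fits in 40 log lines


def find_brcmfmac_oops(lines):
    """Return one dict per NULL-dereference oops whose PC or trace names TARGET."""
    hits = []
    for i, line in enumerate(lines):
        if not OOPS_START.search(line):
            continue
        block = lines[i:i + WINDOW]
        # Cut at the next oops header so back-to-back reports do not merge.
        for j in range(1, len(block)):
            if OOPS_START.search(block[j]):
                block = block[:j]
                break
        pcs = [m.group(1) for m in map(FAULT_PC.search, block) if m]
        pc = pcs[0] if pcs else None
        frames = [f.group(1) for entry in block for f in FRAME.finditer(entry)]
        if pc == TARGET or TARGET in frames:
            ts = STAMP.match(line)
            hits.append({"time": float(ts.group(1)) if ts else None,
                         "faulting_function": pc,
                         "direct": pc == TARGET})
    return hits


# Constructed sample log, not captured from a real device.
SAMPLE = """\
[  100.000001] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
[  812.345678] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  812.345700] pc : brcmf_sdiod_sglist_rw+0x1a4/0x2f0 [brcmfmac]
[  812.345720] Call trace:
[  812.345730]  brcmf_sdiod_sglist_rw+0x1a4/0x2f0 [brcmfmac]
[  900.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  900.000010] RIP: 0010:some_other_driver_xmit+0x42/0x100 [otherdrv]
""".splitlines()

if __name__ == "__main__":
    for hit in find_brcmfmac_oops(SAMPLE):
        print(hit)
```

Feed it the output of `dmesg` or `journalctl -k` split into lines; a hit with `direct` set to false means the function appears in the call trace but is not the faulting frame.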
Evidence notes
Vulnerability description derived from CISA CSAF advisory ICSA-25-226-07 and Siemens ProductCERT SSA-355557. Impact assessment marked 'Misinformed' per source threats data. Affected products identified from CSAF product tree.
Official resources
- CVE-2024-56593 CVE record (CVE.org)
- CVE-2024-56593 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12