PatchSiren cyber security CVE debrief
CVE-2024-56701 Siemens CVE debrief
This CVE describes a kernel-level locking issue in the Linux powerpc/pseries subsystem. The dtl_access_lock is implemented as a spinlock, but the code calls kmalloc(), which can sleep, while holding it. This violates kernel locking rules and can lead to system instability or deadlock conditions. The issue was originally published on 2025-08-12 and last modified on 2026-02-25. Siemens has assessed this CVE as 'Misinformed' for their affected product lines (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family), indicating the vulnerability does not actually affect these products as initially reported. The advisory has undergone multiple revisions, with the most recent update on 2026-02-25 reflecting CISA republication based on Siemens ProductCERT advisory SSA-355557. No CVSS score or severity rating is available in the source data.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Linux on IBM Power Systems (powerpc/pseries) with custom kernel builds should review their locking implementations. Users of Siemens RUGGEDCOM and SCALANCE industrial networking equipment should verify current advisory status, though this specific CVE is assessed as not affecting those products.
Technical summary
The vulnerability stems from a kernel locking implementation error in the powerpc/pseries platform code. The dtl_access_lock is defined as a spinlock, whose holder must not sleep, but the code path calls kmalloc() while holding this lock. kmalloc() can sleep when the allocation requires memory reclaim or other blocking operations. The correct implementation would use an rw_semaphore, a sleeping lock that is appropriate for contexts where allocation may block. This type of bug typically manifests as kernel warnings, hangs, or deadlocks under memory pressure. Siemens has determined this CVE does not actually affect their listed products, marking it as 'Misinformed' in their threat assessment.
Defensive priority
low
Recommended defensive actions
- Verify that affected Siemens product lines (RUGGEDCOM RST2428P, SCALANCE XC/XR/XCM/XRM/XCH/XRH families) are running current firmware versions as specified in Siemens ProductCERT advisory SSA-355557
- Review kernel lock type usage in any custom Linux kernel builds for powerpc/pseries platforms, ensuring kmalloc() calls are not made while holding spinlocks
- Monitor Siemens ProductCERT and CISA ICS advisories for any future reassessment of this CVE's impact status
- Apply standard defense-in-depth practices for industrial control systems per CISA recommended practices
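The following is an added illustration, not code from the Linux kernel, Siemens, or this debrief. It is a small user-space model of the rule described in the technical summary and in the second recommended action above: a spinlock holder runs in atomic context and must not call anything that may block, while an rw_semaphore holder may sleep. The model mimics, in simplified form, the kernel's preempt_count() and the might_sleep() warning that CONFIG_DEBUG_ATOMIC_SLEEP emits; the lock names, function names and the assumption that the allocation uses GFP_KERNEL (rather than the non-sleeping GFP_ATOMIC) are choices made for the example. Beyond the page's rw_semaphore fix, it also shows the other common remedy of allocating before entering the spinlock critical section.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Models the kernel's preempt_count(): non-zero while any spinlock is held,
 * because spin_lock() disables preemption and the holder must not block. */
static int preempt_depth;

enum lock_kind { LOCK_SPINLOCK, LOCK_RWSEM };

/* Hypothetical stand-in for both spinlock_t and struct rw_semaphore. */
struct model_lock {
    enum lock_kind kind;
    bool held;
};

static void model_lock(struct model_lock *l)
{
    l->held = true;
    if (l->kind == LOCK_SPINLOCK)
        preempt_depth++;        /* spin_lock(): atomic context begins */
}

static void model_unlock(struct model_lock *l)
{
    l->held = false;
    if (l->kind == LOCK_SPINLOCK)
        preempt_depth--;        /* spin_unlock(): atomic context ends */
}

/* Models might_sleep() under CONFIG_DEBUG_ATOMIC_SLEEP: returns false and
 * prints the familiar warning if a blocking call happens in atomic context. */
static bool model_might_sleep(const char *where)
{
    if (preempt_depth > 0) {
        fprintf(stderr,
                "BUG: sleeping function called from invalid context in %s\n",
                where);
        return false;
    }
    return true;
}

/* Models kmalloc(size, GFP_KERNEL): may block on memory reclaim, so it is
 * only valid in a sleepable context. Counts each violation it detects. */
static void *model_kmalloc(size_t size, int *violations)
{
    if (!model_might_sleep("kmalloc(GFP_KERNEL)"))
        (*violations)++;
    return malloc(size);
}

/* Vulnerable shape described by the CVE: dtl_access_lock as a spinlock with
 * the allocation inside the critical section. Returns the number of
 * sleep-in-atomic violations detected (1 expected). */
static int alloc_under_spinlock(void)
{
    struct model_lock dtl_access_lock = { LOCK_SPINLOCK, false };
    int violations = 0;

    model_lock(&dtl_access_lock);
    void *buf = model_kmalloc(4096, &violations);
    model_unlock(&dtl_access_lock);
    free(buf);
    return violations;
}

/* Fixed shape: the same critical section guarded by an rw_semaphore, whose
 * holder may sleep, so the allocation is legal (0 expected). */
static int alloc_under_rwsem(void)
{
    struct model_lock dtl_access_lock = { LOCK_RWSEM, false };
    int violations = 0;

    model_lock(&dtl_access_lock);           /* down_write() */
    void *buf = model_kmalloc(4096, &violations);
    model_unlock(&dtl_access_lock);         /* up_write() */
    free(buf);
    return violations;
}

/* Alternative remedy that keeps the spinlock: allocate in sleepable context
 * first, then only publish the buffer under the lock (0 expected). */
static int alloc_before_spinlock(void)
{
    struct model_lock dtl_access_lock = { LOCK_SPINLOCK, false };
    int violations = 0;

    void *buf = model_kmalloc(4096, &violations);
    model_lock(&dtl_access_lock);
    /* ... attach buf to the shared structure here ... */
    model_unlock(&dtl_access_lock);
    free(buf);
    return violations;
}

int main(void)
{
    printf("spinlock + kmalloc:      %d violation(s)\n", alloc_under_spinlock());
    printf("rw_semaphore + kmalloc:  %d violation(s)\n", alloc_under_rwsem());
    printf("kmalloc before spinlock: %d violation(s)\n", alloc_before_spinlock());
    return 0;
}
```

When reviewing a custom kernel build for this pattern, the first function is the shape to look for: any call that may block (an allocation with GFP_KERNEL, a mutex, a copy to or from user space) between spin_lock() and spin_unlock(). Enabling CONFIG_DEBUG_ATOMIC_SLEEP in a test kernel surfaces the same class of bug at runtime as the "sleeping function called from invalid context" warning modelled here.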
Evidence notes
The source CISA CSAF advisory (ICSA-25-226-07) explicitly marks this CVE with threat category 'impact' and details 'Misinformed' for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory revision history shows this CVE was retained through multiple updates while other CVEs were removed as rejected in the 2026-02-24 revision. The technical description indicates a Linux kernel powerpc/pseries issue with improper lock type selection (spinlock vs. rw_semaphore).
Official resources
- CVE-2024-56701 CVE record (CVE.org)
- CVE-2024-56701 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12