CVE-2024-56747 Siemens CVE debrief

Who should care

System administrators managing Siemens industrial networking equipment; security teams responsible for OT/ICS infrastructure; organizations running Linux-based embedded systems with QLogic iSCSI hardware

Technical summary

The vulnerability exists in the qedi_alloc_and_init_sb() function of the Linux kernel's SCSI QEDI (QLogic Enhanced iSCSI Device Interface) driver. When memory allocation or initialization fails after DMA coherent memory has been allocated for sb_virt, the function returns without freeing the allocated DMA memory. This leads to a memory leak that could eventually exhaust system resources. The fix adds proper dma_free_coherent() calls on error paths to release the allocated memory, matching the error handling patterns in related QLogic driver functions.

Defensive priority

medium

Recommended defensive actions

• Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
• Verify kernel version on affected Siemens industrial networking devices (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family)
• Apply vendor-provided firmware updates when available
• Monitor device memory utilization for signs of resource exhaustion
• Implement network segmentation for industrial control systems per CISA recommended practices

Evidence notes

The vulnerability description is derived from the CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The source indicates this CVE was initially included in the advisory but was later marked as 'Misinformed' impact in the threats section, suggesting the affected product assessment may have changed. The CVE was retained in the advisory's revision history through the February 25, 2026 republication. No CVSS score or severity is available in the source corpus.

Official resources