PatchSiren cyber security CVE debrief
CVE-2024-56748 Siemens CVE debrief
A memory leak vulnerability exists in the Linux kernel SCSI QEDF driver within the qedf_alloc_and_init_sb() function. The flaw occurs when DMA memory allocated for sb_virt is not released upon function failure, leading to resource exhaustion. The fix adds dma_free_coherent() to properly free memory on error paths, consistent with similar functions qedr_alloc_mem_sb() and qede_alloc_mem_sb(). Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, though the source marks the threat categorization as 'Misinformed' for several affected product IDs, which suggests the initial impact assessment may have been clarified or corrected. The vulnerability originates from the upstream Linux kernel and affects products incorporating the vulnerable QEDF driver code.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM and SCALANCE product families in critical infrastructure environments. System administrators responsible for firmware lifecycle management of industrial Ethernet switches and routers. Security teams monitoring OT/ICS environments for kernel-level vulnerabilities in embedded Linux systems. Fibre Channel over Ethernet deployments utilizing QLogic-based adapters should assess exposure.
Technical summary
The vulnerability exists in the qedf_alloc_and_init_sb() function of the Linux kernel's SCSI QEDF (QLogic Fibre Channel over Ethernet) driver. When memory allocation or initialization fails after DMA coherent memory has been allocated for sb_virt, the error handling path fails to release the allocated DMA memory using dma_free_coherent(). This results in a memory leak that could lead to resource exhaustion over time. The correction aligns the error handling with comparable functions in related QLogic drivers (qedr_alloc_mem_sb() and qede_alloc_mem_sb()) by adding the appropriate dma_free_coherent() call before returning on failure paths. The vulnerability affects Siemens industrial networking products utilizing the vulnerable kernel code, including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS.
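The error-path pattern described above, as an added userspace model (not the kernel driver's code and not from the advisory). The names model_dma_alloc, model_dma_free, model_sb_init and struct sb_info are hypothetical stand-ins for dma_alloc_coherent(), dma_free_coherent() and the driver's init step; the model only counts buffers that were allocated and never freed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: these helpers stand in for dma_alloc_coherent() and
 * dma_free_coherent(); they only count outstanding buffers. */
static int outstanding;                 /* allocated and not yet freed */
static void *model_dma_alloc(size_t sz) {
    void *p = calloc(1, sz);
    if (p) outstanding++;
    return p;
}
static void model_dma_free(void *p) { if (p) { free(p); outstanding--; } }

struct sb_info { void *sb_virt; };      /* hypothetical, reduced to one field */

/* Hypothetical init step that can fail after the buffer already exists. */
static int model_sb_init(struct sb_info *sb, int fail) { (void)sb; return fail ? -1 : 0; }

/* Pattern before the fix: the init-failure path returns without freeing sb_virt. */
static int alloc_and_init_sb_leaky(struct sb_info *sb, int fail_init) {
    sb->sb_virt = model_dma_alloc(64);
    if (!sb->sb_virt) return -12;       /* -ENOMEM */
    int ret = model_sb_init(sb, fail_init);
    if (ret) return ret;                /* leak: sb_virt is still allocated */
    return 0;
}

/* Pattern after the fix: release the buffer before returning the error. */
static int alloc_and_init_sb_fixed(struct sb_info *sb, int fail_init) {
    sb->sb_virt = model_dma_alloc(64);
    if (!sb->sb_virt) return -12;
    int ret = model_sb_init(sb, fail_init);
    if (ret) {
        model_dma_free(sb->sb_virt);
        sb->sb_virt = NULL;
        return ret;
    }
    return 0;
}

/* Run n failing calls and report how many buffers remain outstanding. */
static int leaked_after(int (*fn)(struct sb_info *, int), int n) {
    outstanding = 0;
    for (int i = 0; i < n; i++) { struct sb_info sb = {0}; fn(&sb, 1); }
    return outstanding;
}

int main(void) {
    printf("leaky: %d outstanding\n", leaked_after(alloc_and_init_sb_leaky, 100));
    printf("fixed: %d outstanding\n", leaked_after(alloc_and_init_sb_fixed, 100));
    return 0;
}
```

Each failed call in the leaky variant strands one buffer, which is why repeated failures accumulate into resource exhaustion rather than a one-time loss.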
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify SINEC OS and related firmware versions on affected Siemens industrial networking equipment
- Monitor Siemens security advisories for kernel updates addressing the QEDF driver memory leak
- Apply vendor-provided firmware updates when available per organizational change management procedures
- For systems where immediate patching is not feasible, assess exposure of QEDF/Fibre Channel over Ethernet functionality and restrict network access to management interfaces accordingly
Evidence notes
The vulnerability description is derived from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The source indicates this CVE was initially included in a broader third-party component assessment for Siemens SINEC OS products. The threat categorization in the source marks this as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003, suggesting potential clarification or correction in impact assessment. The source was last modified on 2026-02-25 with a republication update based on Siemens ProductCERT SSA-355557 advisory.
Official resources
- CVE-2024-56748 CVE record (CVE.org)
- CVE-2024-56748 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12