Details of VAR-202405-1301

ID

VAR-202405-1301

CVE

CVE-2024-27013

TITLE

Linux of Linux Kernel Vulnerabilities related to restricted or unthrottled resource allocation in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2024-003223

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, it will costs much more cpu time to dump packet and soft lockup will be detected. net_ratelimit mechanism can be used to limit the dumping rate. PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e #3 [fffffe00003fced0] do_nmi at ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in at ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 #10 [ffffa65531497ac8] console_unlock at ffffffff89316124 #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 #12 [ffffa65531497b68] printk at ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread at ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f. Linux of Linux Kernel Vulnerabilities exist in products from multiple vendors, such as Unlimited or Unthrottled Resource Allocation.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server

Trust: 2.16

sources: NVD: CVE-2024-27013 // JVNDB: JVNDB-2024-003223 // CNVD: CNVD-2025-19346

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19346

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	eq	version:	6.9	Trust: 1.8
vendor:	linux	model:	kernel	scope:	gte	version:	5.11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	38	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.5	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.313	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.6.29	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.16	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	2.6.35	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.10.216	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.1.88	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.8.8	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.4.275	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	39	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	40	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.7	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.15.157	Trust: 1.0
vendor:	linux	model:	kernel	scope:	eq	version:	6.2 that's all 6.6.29	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.7 that's all 6.8.8	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.11 that's all 5.15.157	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.20 that's all 5.4.275	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.5 that's all 5.10.216	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.16 that's all 6.1.88	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.35 that's all 4.19.313	Trust: 0.8
vendor:	siemens	model:	ruggedcom rst2428p	scope:	lt	version:	v3.1	Trust: 0.6
vendor:	siemens	model:	scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 family	scope:	lt	version:	v3.1	Trust: 0.6
vendor:	siemens	model:	scalance xcm-/xrm-/xch-/xrh-300 family	scope:	lt	version:	v3.1	Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-003223 // NVD: CVE-2024-27013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-27013
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-27013
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-19346
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-19346
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-27013
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-27013
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-003223 // NVD: CVE-2024-27013

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.0
problemtype:	Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-003223 // NVD: CVE-2024-27013

PATCH

title:	limit printing rate when illegal packet received by tun dev (f8bbc07) Linux Kernel	url:	https://fedoraproject.org/ja/	Trust: 0.8
title:	Patch for Multiple vulnerabilities in Siemens SINEC OS third-party components	url:	https://www.cnvd.org.cn/patchInfo/show/723071	Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-003223

EXTERNAL IDS

db:	NVD	id:	CVE-2024-27013	Trust: 2.6
db:	SIEMENS	id:	SSA-613116	Trust: 1.6
db:	SIEMENS	id:	SSA-265688	Trust: 1.0
db:	JVNDB	id:	JVNDB-2024-003223	Trust: 0.8
db:	CNVD	id:	CNVD-2025-19346	Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-003223 // NVD: CVE-2024-27013

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-613116.html	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/damsozxjepuoxw33wzywcvay7z5s7ooy/	Trust: 1.0
url:	https://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa	Trust: 1.0
url:	https://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gcbzzec7l7ktwwas2nljk6so3izil4ww/	Trust: 1.0
url:	https://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540	Trust: 1.0
url:	https://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ez6pjw7voz224td7n4jznu6kv32zj53/	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-265688.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3	Trust: 1.0
url:	https://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713	Trust: 1.0
url:	https://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-27013	Trust: 0.8

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-003223 // NVD: CVE-2024-27013

SOURCES

db:	CNVD	id:	CNVD-2025-19346
db:	JVNDB	id:	JVNDB-2024-003223
db:	NVD	id:	CVE-2024-27013

LAST UPDATE DATE

2026-06-19T22:07:23.765000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19346	date:	2025-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2024-003223	date:	2024-05-27T08:15:00
db:	NVD	id:	CVE-2024-27013	date:	2026-05-12T12:16:29.670

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19346	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-003223	date:	2024-05-27T00:00:00
db:	NVD	id:	CVE-2024-27013	date:	2024-05-01T06:15:19.857