Details of VAR-202410-1728

ID

VAR-202410-1728

CVE

CVE-2024-47684

TITLE

Linux of Linux Kernel In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-010985

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also saw it getting hit from the RACK case as well. Here are examples of the oops messages we saw in each of those cases: Jul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020 Jul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode Jul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page Jul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0 Jul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI Jul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu Jul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023 Jul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 <48> 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3 Jul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246 Jul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000 Jul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60 Jul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8 Jul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900 Jul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30 Jul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000 Jul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0 Jul 26 15:05:02 rx [11061395.913822] PKRU: 55555554 Jul 26 15:05:02 rx [11061395.916786] Call Trace: Jul 26 15:05:02 rx [11061395.919488] Jul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f Jul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9 Jul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380 Jul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0 Jul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50 Jul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0 Jul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20 Jul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450 Jul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140 Jul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90 Jul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0 Jul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40 Jul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220 Jul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240 Jul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0 Jul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240 Jul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130 Jul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280 Jul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10 Jul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30 Jul 26 15:05:02 rx [11061396.017718] ? lapic_next_even ---truncated---. Linux of Linux Kernel for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.16

sources: NVD: CVE-2024-47684 // JVNDB: JVNDB-2024-010985 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	eq	version:	3.10.108	Trust: 1.8
vendor:	linux	model:	kernel	scope:	lt	version:	6.11.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.11	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.16	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.6.54	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.13	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.10.13	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.11	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.1.113	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.7	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.10.227	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.15.168	Trust: 1.0
vendor:	linux	model:	kernel	scope:	eq	version:	6.11 that's all 6.11.2	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.11 that's all 5.15.168	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.16 that's all 6.1.113	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.13 that's all 5.10.227	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.2 that's all 6.6.54	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.7 that's all 6.10.13	Trust: 0.8
vendor:	siemens	model:	ruggedcom rst2428p	scope:	lt	version:	v3.2	Trust: 0.6
vendor:	siemens	model:	scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 family	scope:	lt	version:	v3.2	Trust: 0.6
vendor:	siemens	model:	scalance xcm-/xrm-/xch-/xrh-300 family	scope:	lt	version:	v3.2	Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-010985 // NVD: CVE-2024-47684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-47684
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-47684
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-19350
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-19350
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-47684
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-47684
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-010985 // NVD: CVE-2024-47684

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010985 // NVD: CVE-2024-47684

PATCH

title:	Linux Kernel Archives	url:	https://git.kernel.org/stable/c/09aea49fbc7e755a915c405644f347137cdb62b0	Trust: 0.8
title:	Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlier	url:	https://www.cnvd.org.cn/patchInfo/show/723061	Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-010985

EXTERNAL IDS

db:	NVD	id:	CVE-2024-47684	Trust: 2.6
db:	SIEMENS	id:	SSA-355557	Trust: 1.6
db:	SIEMENS	id:	SSA-265688	Trust: 1.0
db:	SIEMENS	id:	SSA-398330	Trust: 1.0
db:	JVN	id:	JVNVU92169998	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-226-07	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-010985	Trust: 0.8
db:	CNVD	id:	CNVD-2025-19350	Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-010985 // NVD: CVE-2024-47684

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-355557.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/html/ssa-398330.html	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-265688.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/570f7d8c9bf14f041152ba8353d4330ef7575915	Trust: 1.0
url:	https://git.kernel.org/stable/c/ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86	Trust: 1.0
url:	https://git.kernel.org/stable/c/5c4c03288a4aea705e36aa44119c13d7ee4dce99	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/c8770db2d54437a5f49417ae7b46f7de23d14db6	Trust: 1.0
url:	https://git.kernel.org/stable/c/16e0387d87fc858e34449fdf2b14ed5837f761db	Trust: 1.0
url:	https://git.kernel.org/stable/c/96c4983eab2a5da235f7fff90beaf17b008ba029	Trust: 1.0
url:	https://git.kernel.org/stable/c/81d18c152e3f82bacadf83bc0a471b2363b9cc18	Trust: 1.0
url:	https://git.kernel.org/stable/c/09aea49fbc7e755a915c405644f347137cdb62b0	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu92169998/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-47684	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07	Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-010985 // NVD: CVE-2024-47684

SOURCES

db:	CNVD	id:	CNVD-2025-19350
db:	JVNDB	id:	JVNDB-2024-010985
db:	NVD	id:	CVE-2024-47684

LAST UPDATE DATE

2026-06-18T20:22:29.419000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19350	date:	2025-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2024-010985	date:	2025-09-09T01:24:00
db:	NVD	id:	CVE-2024-47684	date:	2026-05-12T12:17:12.897

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19350	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-010985	date:	2024-10-23T00:00:00
db:	NVD	id:	CVE-2024-47684	date:	2024-10-21T12:15:05.290