ID

VAR-202410-2015


CVE

CVE-2024-50040


TITLE

Linux  of  Linux Kernel  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-011364

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below. [ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ------------[ cut here ]------------ [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] <TASK> [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292] </TASK> To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up. Linux of Linux Kernel Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.16

sources: NVD: CVE-2024-50040 // JVNDB: JVNDB-2024-011364 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.12

Trust: 1.8

vendor:linuxmodel:kernelscope:ltversion:6.1.113

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.4.251

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.4.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.11.4

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.168

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.14.322

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.19.291

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.10.188

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.57

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.15.150

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.1.42

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.227

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:6.5 that's all 6.6.57

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.10.188 that's all 5.10.227

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.11.4

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.15.150 that's all 5.15.168

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.14.322 that's all 4.15

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.19.291 that's all 4.20

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.1.42 that's all 6.1.113

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.4.251 that's all 5.5

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.4.7 that's all 6.5

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011364 // NVD: CVE-2024-50040

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-50040
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-50040
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-50040
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-50040
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011364 // NVD: CVE-2024-50040

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011364 // NVD: CVE-2024-50040

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6

Trust: 0.8

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011364

EXTERNAL IDS

db:NVDid:CVE-2024-50040

Trust: 2.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:SIEMENSid:SSA-398330

Trust: 1.0

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNid:JVNVU92169998

Trust: 0.8

db:JVNDBid:JVNDB-2024-011364

Trust: 0.8

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011364 // NVD: CVE-2024-50040

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Trust: 1.0

url:https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4

Trust: 1.0

url:https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Trust: 1.0

url:https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178

Trust: 1.0

url:https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb

Trust: 1.0

url:https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6

Trust: 1.0

url:https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50040

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-011364 // NVD: CVE-2024-50040

SOURCES

db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-011364
db:NVDid:CVE-2024-50040

LAST UPDATE DATE

2026-06-19T20:59:42.511000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-011364date:2025-08-21T03:22:00
db:NVDid:CVE-2024-50040date:2026-05-12T13:16:16.310

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-011364date:2024-10-29T00:00:00
db:NVDid:CVE-2024-50040date:2024-10-21T20:15:17.050