ID

VAR-202502-1606


CVE

CVE-2024-57951


TITLE

Linux  of  Linux Kernel  Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2024-019050

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE: Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online state, for instance CFS incorrectly assumes that the hrtick is already active, and the chance of the clockevent device to transition to oneshot mode is also lost forever for the CPU, unless it goes back to a lower state than CPUHP_HRTIMERS_PREPARE once. This round-trip reveals another issue; cpu_base.online is not set to 1 after the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer(). Aside of that, the bulk of the per CPU state is not reset either, which means there are dangling pointers in the worst case. Address this by adding a corresponding startup() callback, which resets the stale per CPU state and sets the online flag. [ tglx: Make the new callback unconditionally available, remove the online modification in the prepare() callback and clear the remaining state in the starting callback instead of the prepare callback ]. Linux of Linux Kernel Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.16

sources: NVD: CVE-2024-57951 // JVNDB: JVNDB-2024-019050 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.13

Trust: 1.8

vendor:linuxmodel:kernelscope:gteversion:5.4.264

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.127

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.234

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.74

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.12.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.1.68

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.15.143

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.10.204

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.19.302

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.290

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.177

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.4.264 that's all 5.4.290

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.15.143 that's all 5.15.177

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.1.68 that's all 6.1.127

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.10.204 that's all 5.10.234

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.6.7 that's all 6.6.74

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.12.11

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.19.302 that's all 4.20

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-019050 // NVD: CVE-2024-57951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-57951
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-57951
value: HIGH

Trust: 1.0

NVD: CVE-2024-57951
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-57951
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-57951
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-019050 // NVD: CVE-2024-57951 // NVD: CVE-2024-57951

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-019050 // NVD: CVE-2024-57951

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7

Trust: 0.8

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-019050

EXTERNAL IDS

db:NVDid:CVE-2024-57951

Trust: 2.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNDBid:JVNDB-2024-019050

Trust: 0.8

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-019050 // NVD: CVE-2024-57951

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/2f8dea1692eef2b7ba6a256246ed82c365fdc686

Trust: 1.0

url:https://git.kernel.org/stable/c/15b453db41d36184cf0ccc21e7df624014ab6a1a

Trust: 1.0

url:https://git.kernel.org/stable/c/95e4f62df23f4df1ce6ef897d44b8e23c260921a

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/3d41dbf82e10c44e53ea602398ab002baec27e75

Trust: 1.0

url:https://git.kernel.org/stable/c/a5cbbea145b400e40540c34816d16d36e0374fbc

Trust: 1.0

url:https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7

Trust: 1.0

url:https://git.kernel.org/stable/c/38492f6ee883c7b1d33338bf531a62cff69b4b28

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-57951

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-019050 // NVD: CVE-2024-57951

SOURCES

db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-019050
db:NVDid:CVE-2024-57951

LAST UPDATE DATE

2026-06-19T20:39:27.712000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-019050date:2025-02-17T08:52:00
db:NVDid:CVE-2024-57951date:2026-05-12T13:16:24.680

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-019050date:2025-02-17T00:00:00
db:NVDid:CVE-2024-57951date:2025-02-12T14:15:31.403