Lucene search
+L

Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)

🗓️ 18 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 17 Views

RST2428P vulnerability fixed in Linux kernel; cancels ioerr_work after association to prevent list corruption.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(505411);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/17");

  script_cve_id("CVE-2025-40261");
  script_xref(name:"ICSA", value:"26-188-05");

  script_name(english:"Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"In the Linux kernel, the following vulnerability has been resolved:
nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl()    nvme_fc_delete_assocation() waits for pending
I/O to complete before  returning, and an error can cause ->ioerr_work
to be queued after  cancel_work_sync() had been called.  Move the call
to cancel_work_sync() to  be after nvme_fc_delete_association() to
ensure ->ioerr_work is not running  when the nvme_fc_ctrl object is
freed.  Otherwise the following can occur:    [ 1135.911754] list_del
corruption, ff2d24c8093f31f8->next is NULL  [ 1135.917705]
------------[ cut here ]------------  [ 1135.922336] kernel BUG at
lib/list_debug.c:52!  [ 1135.926784] Oops: invalid opcode: 0000 [#1]
SMP NOPTI  [ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm:
kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary)
[ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS
2.5.4 01/16/2025  [ 1135.950969] Workqueue:  0x0 (nvme-wq)  [
1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f
[ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7
70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07
45 fe ff <0f> 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff
0f 0b  [ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046  [
1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX:
0000000000000000  [ 1135.992148] RDX: 0000000000000000 RSI:
ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0  [ 1135.999278] RBP:
ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08  [
1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12:
ff2d24c78697c100  [ 1136.013546] R13: fffffffffffffff8 R14:
0000000000000000 R15: ff2d24c78697c0c0  [ 1136.020677] FS:
0000000000000000(0000) GS:ff2d24d6bfa00000(0000)
knlGS:0000000000000000  [ 1136.028765] CS:  0010 DS: 0000 ES: 0000
CR0: 0000000080050033  [ 1136.034510] CR2: 00007fd207f90b80 CR3:
000000163ea22003 CR4: 0000000000f73ef0  [ 1136.041641] DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  [
1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7:
0000000000000400  [ 1136.055910] PKRU: 55555554  [ 1136.058623] Call
Trace:  [ 1136.061074]  <TASK>  [ 1136.063179]  ?
show_trace_log_lvl+0x1b0/0x2f0  [ 1136.067540]  ?
show_trace_log_lvl+0x1b0/0x2f0  [ 1136.071898]  ?
move_linked_works+0x4a/0xa0  [ 1136.075998]  ?
__list_del_entry_valid_or_report.cold+0xf/0x6f  [ 1136.081744]  ?
__die_body.cold+0x8/0x12  [ 1136.085584]  ? die+0x2e/0x50  [
1136.088469]  ? do_trap+0xca/0x110  [ 1136.091789]  ?
do_error_trap+0x65/0x80  [ 1136.095543]  ?
__list_del_entry_valid_or_report.cold+0xf/0x6f  [ 1136.101289]  ?
exc_invalid_op+0x50/0x70  [ 1136.105127]  ?
__list_del_entry_valid_or_report.cold+0xf/0x6f  [ 1136.110874]  ?
asm_exc_invalid_op+0x1a/0x20  [ 1136.115059]  ?
__list_del_entry_valid_or_report.cold+0xf/0x6f  [ 1136.120806]
move_linked_works+0x4a/0xa0  [ 1136.124733]  worker_thread+0x216/0x3a0
[ 1136.128485]  ? __pfx_worker_thread+0x10/0x10  [ 1136.132758]
kthread+0xfa/0x240  [ 1136.135904]  ? __pfx_kthread+0x10/0x10  [
1136.139657]  ret_from_fork+0x31/0x50  [ 1136.143236]  ?
__pfx_kthread+0x10/0x10  [ 1136.146988]  ret_from_fork_asm+0x1a/0x30
[ 1136.150915]  </TASK>

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-253495.html");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/110002573/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/ICSA-26-188-05");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-40261");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(1341);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rst2428p_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:ruggedcom_rst2428p_firmware" :
        {"family" : "RuggedCom", "orderNumbers" : ['6GK6242-6PA00'], "versionEndExcluding" : "4.0"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jul 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
EPSS0.00194
17