PatchSiren cyber security CVE debrief
CVE-2025-38347 Cert Portal CVE debrief
CVE-2025-38347 is described in the supplied source as a Linux kernel f2fs flaw where corrupted inode/xattr metadata can cause the same inode page to be locked twice during ACL and xattr handling, leading to a hang or deadlock and a denial-of-service condition. The supplied advisory metadata also maps the issue to Siemens SIMATIC CN 4100 versions earlier than 5.0, but that product attribution does not align cleanly with the kernel/f2fs description and should be verified before remediation.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Linux platform and kernel maintainers, storage and filesystem operators, and Siemens/SIMATIC administrators who rely on the supplied advisory mapping. Systems that process or mount F2FS filesystems, especially from untrusted or potentially corrupted media, should be reviewed.
Technical summary
The source report shows a syzbot-triggered f2fs hang in the path from mknod through ACL and xattr initialization into lookup_all_xattrs and __get_node_page. The reported corruption involved inode metadata where xattr_nid matched i_ino, which can cause f2fs to try to read and lock the same inode page twice and deadlock. The stated fix is to add sanity checks on ino and xnid before following the metadata path. The advisory metadata gives CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which is consistent with a local availability-impacting issue.
Defensive priority
Medium
Recommended defensive actions
- Verify whether any asset actually matches Siemens advisory ICSA-26-134-10 / SSA-032379 before taking product-specific action, because the supplied metadata and kernel description are inconsistent.
- If you operate the affected Siemens product line, update to V5.0 or later as listed in the supplied remediation.
- Ensure your Linux or embedded kernel build includes the f2fs sanity-check fix for ino and xnid, or apply the relevant vendor backport.
- Watch for kernel hung-task alerts, repeated f2fs stalls, or filesystem operations that block during ACL or xattr processing.
- Reduce exposure to corrupted or untrusted F2FS media where practical and maintain recovery backups for filesystem failures.
Evidence notes
The supplied source item and advisory text describe a Linux kernel f2fs deadlock caused by malformed inode/xattr metadata, with a call trace through f2fs_mknod, f2fs_init_acl, __f2fs_get_acl, lookup_all_xattrs, and __get_node_page. The same corpus also lists Siemens SIMATIC CN 4100 vers:intdot/<5.0 and a remediation to update to V5.0 or later, but that product mapping appears inconsistent with the Linux f2fs bug description and is flagged low confidence. Timing context: the CVE was published on 2026-05-12 and republished on 2026-05-14 in the supplied source.
Official resources
-
CVE-2025-38347 CVE record
CVE.org
-
CVE-2025-38347 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
The supplied source record was published on 2026-05-12 and republished on 2026-05-14. The corpus ties the disclosure to CISA advisory ICSA-26-134-10 and Siemens advisory SSA-032379, while also including a Linux kernel f2fs fix description.