PatchSiren cyber security CVE debrief
CVE-2025-38614 Cert Portal CVE debrief
CVE-2025-38614 is a Linux kernel eventpoll/epoll recursion-bounding flaw that can allow excessively deep nesting and create a denial-of-service risk. The source advisory ties the issue to Siemens SIMATIC CN 4100 versions prior to 5.0 and states the fix is to update to V5.0 or later. Because the attack conditions require local access and privileges, this is best viewed as a targeted stability and availability issue rather than a remote compromise path.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
OT defenders, system owners, and patch managers responsible for Siemens SIMATIC CN 4100 deployments, especially where affected firmware or embedded Linux components are present. Linux kernel administrators should also review any environment that uses nested epoll/eventpoll behavior and enforce the vendor update path.
Technical summary
The advisory describes a Linux kernel eventpoll bug in which ep_loop_check_proc() did not fully bound the resulting epoll graph depth. The existing recursion checks were not sufficient because they did not account for upward paths, and when multiple downward paths existed, only one path was considered for depth checking. A later reverse_path_check() step still left a gap for non-epoll files. The result was the possibility of recursion to roughly 500 levels on v6.15, exceeding the intended EP_MAX_NESTS+1 limit and creating a high impact on availability. The fix tracks subtree depth, adds upward-depth calculation, and enforces the intended path-length limit.
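The depth accounting described above can be seen in a small user-space graph model, added here as an illustration; it is not the kernel's code or the vendor's patch. It compares a check that measures only the subtree below a new child with one that also counts the chain above the parent. Assumptions: the value 4 for EP_MAX_NESTS, the helper names, and the constructed eight-node sample graph.

```c
#include <stdio.h>
#include <string.h>

#define EP_MAX_NESTS 4  /* assumed value; the page names the limit but not its number */
#define MAXN 8          /* size of the constructed sample graph */

static int edge[MAXN][MAXN];  /* edge[p][c] = 1: epoll instance p watches instance c */

/* Longest chain below n, taking the maximum over every downward path. */
static int subtree_depth(int n) {
    int best = 0;
    for (int c = 0; c < MAXN; c++)
        if (edge[n][c]) { int d = 1 + subtree_depth(c); if (d > best) best = d; }
    return best;
}

/* Longest chain above n, over every instance that watches it. */
static int upward_depth(int n) {
    int best = 0;
    for (int p = 0; p < MAXN; p++)
        if (edge[p][n]) { int d = 1 + upward_depth(p); if (d > best) best = d; }
    return best;
}

/* Weak check: looks only below the new child, ignores what sits above the parent. */
static int downward_only_allows(int parent, int child) {
    (void)parent;
    return 1 + subtree_depth(child) <= EP_MAX_NESTS;
}

/* Bounded check: the whole path through the new edge must fit the limit. */
static int bounded_allows(int parent, int child) {
    return upward_depth(parent) + 1 + subtree_depth(child) <= EP_MAX_NESTS;
}

/* Build two 3-edge chains (0..3 and 4..7), then request the edge 3 -> 4 joining them.
 * Returns the longest chain present in the graph afterwards. */
int longest_chain_after_join(int bounded) {
    int (*allows)(int, int) = bounded ? bounded_allows : downward_only_allows;
    int order[][2] = {{0,1},{1,2},{2,3},{4,5},{5,6},{6,7},{3,4}}, best = 0;
    memset(edge, 0, sizeof edge);
    for (int i = 0; i < 7; i++)
        if (allows(order[i][0], order[i][1])) edge[order[i][0]][order[i][1]] = 1;
    for (int n = 0; n < MAXN; n++)
        if (subtree_depth(n) > best) best = subtree_depth(n);
    return best;
}

int main(void) {
    printf("downward-only check: longest chain = %d\n", longest_chain_after_join(0));
    printf("bounded check:       longest chain = %d\n", longest_chain_after_join(1));
    return 0;
}
```

In the model, each chain passes either check on its own; only the bounded check refuses the joining edge, so the longest path stays within the limit.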
Defensive priority
Medium
Recommended defensive actions
- Update Siemens SIMATIC CN 4100 to V5.0 or later using the vendor-supported remediation path.
- Validate whether any deployed systems incorporate the affected Linux kernel behavior before scheduling maintenance.
- Prioritize patching on mission-critical OT assets where availability and stack-depth stability are operationally important.
- After remediation, verify normal epoll/eventpoll operation and monitor for abnormal availability or kernel instability events.
Evidence notes
The supplied CSAF content and republished CISA advisory describe CVE-2025-38614 as a Linux kernel eventpoll/epoll recursion issue and list Siemens SIMATIC CN 4100 versions <5.0 in the product scope. The source metadata is explicitly marked low-confidence and needs review, so the product mapping should be treated cautiously and validated against the linked Siemens ProductCERT and CISA records. The advisory’s CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, supporting a local, privilege-requiring availability impact.
Official resources
- CVE-2025-38614 CVE record (CVE.org)
- CVE-2025-38614 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied source on 2026-05-12 and republished on 2026-05-14; use the CVE publication date for chronology, not any later processing or republication time. The advisory traces to Siemens ProductCERT SSA-032379 and C1