PatchSiren cyber security CVE debrief
CVE-2025-38679 Cert Portal CVE debrief
CVE-2025-38679 describes an out-of-bounds read in the Linux kernel’s media: venus path when parsing a firmware-supplied property list without first validating the remaining payload length. The issue can lead to kernel crashes and, depending on what is read past the buffer, possible information exposure. The supplied advisory metadata ties this CVE to Siemens SIMATIC CN 4100 versions below 5.0, but the vulnerability text itself is about Linux kernel media driver parsing, so the product linkage should be reviewed carefully.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Defenders responsible for Siemens SIMATIC CN 4100 deployments referenced by ICSA-26-134-10, and teams maintaining Linux kernel-based embedded or appliance systems that include the Venus media driver, should review this issue. This is most relevant where firmware or device messages are parsed by trusted kernel code.
Technical summary
The event_seq_changed() handler processes a firmware-defined number of properties from a variable-length payload. The flaw is that the code did not sufficiently check the remaining message length before each property access, so a malformed or unexpected property count could drive reads beyond the received buffer. The source advisory describes this as an OOB read with potential crash and information-disclosure impact, and the supplied CVSS vector rates availability as the primary impact (CVSS 5.5, AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
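The remaining-length check described above, as an added C example that is not the kernel's venus code. The property ids, struct, function names and the payload layout (a 32-bit id followed by fixed-size 32-bit fields) are hypothetical simplifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical property ids, constructed for this example. */
enum { PROP_FRAME_SIZE = 1, PROP_PROFILE = 2 };

struct seq_event { uint32_t width, height, profile; };

/* Copy one 32-bit word only if it lies fully inside the received payload. */
static int read_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < sizeof(*out))
        return -1;   /* remaining-length check: without it this is an OOB read */
    memcpy(out, buf + *off, sizeof(*out));
    *off += sizeof(*out);
    return 0;
}

/*
 * num_props is the sender-declared property count and is not trusted:
 * every access is bounded by len, the number of bytes actually received.
 * Returns 0 on success, -1 if the declared count overruns the payload.
 */
int parse_seq_changed(const uint8_t *buf, size_t len, uint32_t num_props,
                      struct seq_event *ev)
{
    size_t off = 0;
    uint32_t ptype;

    memset(ev, 0, sizeof(*ev));
    while (num_props--) {
        if (read_u32(buf, len, &off, &ptype))
            return -1;
        switch (ptype) {
        case PROP_FRAME_SIZE:
            if (read_u32(buf, len, &off, &ev->width) ||
                read_u32(buf, len, &off, &ev->height))
                return -1;
            break;
        case PROP_PROFILE:
            if (read_u32(buf, len, &off, &ev->profile))
                return -1;
            break;
        default:
            return -1;   /* unknown id: field size unknown, stop parsing */
        }
    }
    return 0;
}
```

Because each loop iteration either consumes payload bytes or fails, an oversized declared count ends the parse with an error instead of walking past the buffer.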
Defensive priority
Medium. Prioritize if you operate affected Siemens-managed systems or Linux-based appliances that ingest untrusted or firmware-controlled messages in the Venus media path.
Recommended defensive actions
- Update affected systems to version 5.0 or later, per the Siemens remediation guidance in the supplied advisory.
- Verify whether the affected product mapping applies to your environment, because the supplied description and product metadata are not fully aligned and need review.
- Plan maintenance-window testing for any kernel or device-firmware update that changes media/firmware message parsing paths.
- Monitor affected devices for unexpected kernel crashes, resets, or driver faults that could indicate malformed payload handling issues.
- Use vendor and CISA advisory references to confirm the exact affected models, versions, and deployment scope before remediation.
Evidence notes
Primary evidence comes from the supplied CISA CSAF source item (ICSA-26-134-10) and its referenced Siemens ProductCERT advisory. The advisory text states that the Linux kernel media: venus event_seq_changed() handler lacked a payload-length bound check before iterating over firmware-provided properties. The supplied remediation is to update to V5.0 or later. The product metadata in the source corpus links this CVE to Siemens SIMATIC CN 4100 vers:intdot/<5.0, but the vulnerability description itself refers to Linux kernel code, so the product association is marked for review.
Official resources
- CVE-2025-38679 CVE record (CVE.org)
- CVE-2025-38679 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2026-05-12 in the supplied CISA CSAF advisory, with a republication update on 2026-05-14. Use the CVE published date as the issue date context.