PatchSiren cyber security CVE debrief
CVE-2025-38696 Cert Portal CVE debrief
CVE-2025-38696 is a denial-of-service issue in the Linux kernel MIPS stack layout code. According to the supplied advisory text, stack_top() could dereference a NULL ABI pointer for tasks that do not have an ABI or vDSO mapping, such as kthreads, which can crash the kernel. The supplied CISA CSAF item was published on 2026-05-12 and republished on 2026-05-14 with Siemens ProductCERT SSA-032379 content. The advisory metadata ties the issue to Siemens SIMATIC CN 4100 versions before 5.0, but the vulnerability description itself is kernel-code specific, so the product mapping should be treated with care and verified in the affected environment.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators responsible for Siemens SIMATIC CN 4100 deployments, embedded Linux/MIPS maintainers, and OT teams that run affected kernel builds or maintenance/test workloads on those systems should review this issue. It is especially relevant where local access on the device is plausible and kernel crashes would disrupt operations.
Technical summary
The issue is in arch/mips stack_top() handling. If a task without an ABI or vDSO reaches stack_top(), the code can dereference a NULL ABI pointer and crash the kernel. The supplied fix only dereferences the ABI-related pointer when it is set, keeps the GIC page handling tied to the vDSO-specific path, and moves the randomization adjustment into that same conditional branch. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, consistent with a local crash impact rather than a confidentiality or integrity issue.
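The guard described in the technical summary, as a userspace C model added here for illustration; it is not the kernel's source or the upstream patch. The struct layouts, the values of TASK_SIZE, VDSO_RANDOMIZE_SIZE and PF_RANDOMIZE, and the two sample tasks are constructed assumptions.

```c
/* Userspace model of the guarded stack_top() logic; NOT kernel source.
 * Struct layouts, constants and sample tasks are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE            4096UL
#define PAGE_MASK            (~(PAGE_SIZE - 1))
#define PAGE_ALIGN(x)        (((x) + PAGE_SIZE - 1) & PAGE_MASK)
#define TASK_SIZE            0x7fff8000UL          /* constructed value */
#define VDSO_RANDOMIZE_SIZE  (256UL * PAGE_SIZE)   /* constructed value */
#define PF_RANDOMIZE         0x1UL                 /* constructed flag bit */

struct vdso_image { unsigned long size; };
struct abi        { const struct vdso_image *vdso; };
struct task       { const struct abi *abi; unsigned long flags; };

/* Constructed sample tasks: a kthread has no ABI, a user task has one. */
static const struct vdso_image sample_vdso = { 5000 };
static const struct abi sample_abi = { &sample_vdso };
static const struct task sample_kthread = { NULL, PF_RANDOMIZE };
static const struct task sample_user = { &sample_abi, PF_RANDOMIZE };

/* Stack top for task t. Without the `if (t->abi)` guard, the first
 * subtraction would read through a NULL pointer for sample_kthread. */
unsigned long model_stack_top(const struct task *t, bool gic_present)
{
    unsigned long top = TASK_SIZE & PAGE_MASK;

    if (t->abi) {                                  /* dereference only when set */
        top -= PAGE_ALIGN(t->abi->vdso->size);     /* room for the vDSO image */
        top -= gic_present ? PAGE_SIZE : 0;        /* GIC page stays on vDSO path */
        if (t->flags & PF_RANDOMIZE)               /* randomization moved in here */
            top -= VDSO_RANDOMIZE_SIZE;
    }
    return top;
}

int main(void)
{
    printf("kthread: %#lx\n", model_stack_top(&sample_kthread, true));
    printf("user:    %#lx\n", model_stack_top(&sample_user, true));
    return 0;
}
```

In this model a task with no ABI gets the unadjusted top even when its randomization flag is set, which is the effect of moving that adjustment inside the conditional branch.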
Defensive priority
Medium. The published severity is 5.5/Medium, and the primary impact is availability loss from a kernel crash. Prioritize systems that match the Siemens advisory scope or any embedded Linux/MIPS deployments using the affected code path.
Recommended defensive actions
- Update affected Siemens SIMATIC CN 4100 systems to V5.0 or later, per the supplied remediation guidance.
- Confirm whether your deployment actually uses the affected Linux MIPS kernel path; do not assume the Siemens product mapping without validation.
- Review local-access exposure on affected systems, since the supplied CVSS vector requires local access and low privileges.
- Monitor for unexpected kernel crashes or reboots that could indicate the bug is being hit in practice.
- Follow CISA and Siemens recommended ICS defense-in-depth practices while you patch and validate the fix.
Evidence notes
The supplied source item is CISA CSAF ICSA-26-134-10, republishing Siemens ProductCERT SSA-032379. Its metadata lists productName as 'Siemens SIMATIC CN 4100 vers:intdot/<5.0' and gives CVSS 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability description is explicitly about a Linux kernel MIPS NULL dereference in stack_top() for tasks without ABI or vDSO, including kthreads. Because the product metadata and the technical description are not naturally aligned, downstream product-to-code mapping should be verified before assuming exposure.
Official resources
- CVE-2025-38696 CVE record (CVE.org)
- CVE-2025-38696 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed through CISA CSAF ICSA-26-134-10 on 2026-05-12 and republished with Siemens ProductCERT SSA-032379 content on 2026-05-14. No KEV listing is present in the supplied data.