PatchSiren cyber security CVE debrief
CVE-2025-38700 Cert Portal CVE debrief
CVE-2025-38700 is a Linux kernel libiscsi/iSER vulnerability republished in Siemens advisory ICSA-26-134-10 for SIMATIC CN 4100 vers:intdot/<5.0. The issue occurs when ib_fast_reg_mr allocation fails during iSER setup and iscsi_conn->dd_data is initialized even though no memory was allocated. During teardown, that bad state can lead to an invalid pointer dereference and a kernel panic. CISA’s advisory metadata rates the issue as high severity (CVSS 7.0) with local access and low privileges required.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators and administrators responsible for Siemens SIMATIC CN 4100 systems, especially environments using Linux kernel iSCSI/iSER paths or other storage workloads that rely on libiscsi. ICS teams should also care because the failure mode is a device or host crash/panic rather than a benign error.
Technical summary
The source advisory describes a logic flaw in scsi: libiscsi where iscsi_conn->dd_data is set unconditionally even when dd_size is zero. If ib_fast_reg_mr allocation fails during iSER setup, no buffer is allocated, but teardown later follows the invalid pointer and faults in swake_up_locked/complete during iscsi_iser_conn_stop. The result is a panic path triggered by connection stop handling. The advisory’s CVSS vector is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
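The pattern described above, reduced to a user-space C model. This is an added example, not code from the kernel or the advisory; the struct, the function names and the NULL-only teardown guard are assumptions of the model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct model_conn {
    void *dd_data;          /* driver-private area, NULL when there is none */
};

/* One allocation holds the connection plus dd_size bytes of driver data. */
static struct model_conn *model_alloc(size_t dd_size)
{
    return calloc(1, sizeof(struct model_conn) + dd_size);
}

/* Flawed pattern: dd_data is set even when dd_size == 0, so it points
 * one past the end of the allocation instead of staying NULL. */
static struct model_conn *setup_unconditional(size_t dd_size)
{
    struct model_conn *conn = model_alloc(dd_size);
    if (conn)
        conn->dd_data = (char *)conn + sizeof(*conn);
    return conn;
}

/* Corrected pattern: publish dd_data only when memory backs it. */
static struct model_conn *setup_checked(size_t dd_size)
{
    struct model_conn *conn = model_alloc(dd_size);
    if (conn && dd_size)
        conn->dd_data = (char *)conn + sizeof(*conn);
    return conn;
}

/* Returns 1 if a teardown guarded only by a NULL test (assumed here)
 * would go on to use dd_data, 0 if it would skip it, -1 on alloc failure. */
static int scenario(int checked, size_t dd_size)
{
    struct model_conn *conn = checked ? setup_checked(dd_size)
                                      : setup_unconditional(dd_size);
    int touched = conn ? (conn->dd_data != NULL) : -1;
    free(conn);
    return touched;
}

int main(void)
{
    printf("unconditional, dd_size=0: %d\n", scenario(0, 0));
    printf("checked,       dd_size=0: %d\n", scenario(1, 0));
    return 0;
}
```

The model never dereferences the dangling pointer; it only reports whether teardown would.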
Defensive priority
High. The primary operational risk is kernel panic and service interruption on affected systems. Remediation is available and should be prioritized where the advisory applies.
Recommended defensive actions
- Update to Siemens V5.0 or later, as listed in the advisory remediation.
- Verify whether any affected SIMATIC CN 4100 deployments use the impacted Linux kernel storage path or iSER-related functionality.
- Review system hardening and access controls for storage-management paths; CISA ICS recommended practices are referenced in the advisory.
- Monitor affected hosts for unexpected kernel panics or repeated connection teardown failures until remediation is complete.
- Treat the Siemens product mapping as advisory-provided metadata and confirm exposure in your own asset inventory before scheduling maintenance.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-134-10 and its republished Siemens ProductCERT SSA-032379 content, both dated 2026-05-12 with a CISA republication on 2026-05-14. The advisory text states that an ib_fast_reg_mr allocation failure during iSER setup can leave iscsi_conn->dd_data initialized without allocated memory, leading to an invalid pointer dereference during connection teardown and a kernel panic. The source also lists the remediation as updating to V5.0 or later. The product mapping in the supplied source is marked low confidence and should be reviewed in local inventory.
Official resources
- CVE-2025-38700 CVE record (CVE.org)
- CVE-2025-38700 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA’s ICSA-26-134-10 on 2026-05-12, with a CISA republication of Siemens ProductCERT SSA-032379 on 2026-05-14.