PatchSiren cyber security CVE debrief
CVE-2025-38708 Cert Portal CVE debrief
CVE-2025-38708 is a high-severity Linux kernel DRBD vulnerability involving a missing kref_get in handle_write_conflicts. In the affected write-conflict path, that mistake can lead to premature drbd_destroy_device, a use-after-free, and kernel crashes. The supplied CISA/Siemens advisory maps the issue to Siemens SIMATIC CN 4100 versions before 5.0 and recommends updating to V5.0 or later.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Teams responsible for Siemens SIMATIC CN 4100 systems covered by the advisory, plus administrators of DRBD-based Linux deployments that may use two-primaries or related write-conflict handling. This is most relevant where kernel stability is operationally important.
Technical summary
The advisory text says DRBD’s two-primaries mode tries to reconcile concurrent writes and that the vulnerable code path handled "superseeded" writes without a required kref_get. That missing reference increment can allow a device object to be destroyed too early, creating a use-after-free condition and resulting in kernel crashes. The source corpus gives CVSS 3.1 7.8/High with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access and privileges are required but impact can be severe.
Defensive priority
High. Prioritize remediation for any confirmed affected Siemens SIMATIC CN 4100 deployment or DRBD-based Linux system in scope, especially where kernel crashes would affect availability or safety.
Recommended defensive actions
- Confirm whether your environment includes Siemens SIMATIC CN 4100 systems covered by ICSA-26-134-10 or DRBD-based Linux kernels using the vulnerable write-conflict path.
- Apply the vendor remediation: update to V5.0 or later, per the Siemens advisory.
- Schedule remediation through normal maintenance windows, but treat confirmed exposure as a high-priority stability issue.
- Review operational dependencies on concurrent-write behavior; the advisory states this path is rarely used in normal clustered storage or live-migration workflows, but test or unusual configurations may still be at risk.
- Track the Siemens and CISA advisory revisions for any clarification or additional affected-product details.
Evidence notes
The supplied CSAF source states: "In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts," and describes a use-after-free leading to kernel crashes. It also lists Siemens SIMATIC CN 4100 vers:intdot/<5.0, a CVSS 3.1 score of 7.8 (High), and remediation to update to V5.0 or later. The source vendor mapping is marked low-confidence/needs review, so product applicability should be verified against the Siemens bulletin and affected-device inventory. Not listed in CISA KEV.
Official resources
-
CVE-2025-38708 CVE record
CVE.org
-
CVE-2025-38708 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied CISA CSAF advisory ICSA-26-134-10 on 2026-05-12 and republished by CISA on 2026-05-14.