PatchSiren cyber security CVE debrief
CVE-2025-38711 Cert Portal CVE debrief
CVE-2025-38711 describes a deadlock in the Linux kernel SMB server (ksmbd) path when smb2_create_link() is used with ReplaceIfExists and the target name already exists. The supplied advisory says the parent directory can remain locked across file removal and link creation, causing ksmbd_vfs_link() to try to lock the same parent again and deadlock. The reported fix moves the unlock before the link operation and removes an unnecessary flag variable. CISA’s CSAF entry was published on 2026-05-12 and republished on 2026-05-14 with Siemens ProductCERT material. Siemens remediation guidance in the supplied source says to update to V5.0 or later.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Administrators and operators running Linux systems with ksmbd-enabled SMB server functionality, especially in environments that consume Siemens advisory guidance for SIMATIC CN 4100. Because the supplied vendor mapping is low-confidence and the vulnerability text is Linux-kernel-specific, applicability should be verified against the actual deployed software stack before prioritizing remediation.
Technical summary
The issue is a lock-ordering defect in smb/server handling. According to the supplied description, ksmbd_vfs_kern_path_locked() can leave the parent directory locked when ReplaceIfExists is set and the named file exists. After ksmbd_vfs_remove_file() deletes the file, ksmbd_vfs_link() is called while the parent remains locked, and it attempts to acquire the same lock again, producing a deadlock. The remediation is to unlock the parent before calling ksmbd_vfs_link(), simplifying the code path. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local exploitability, low privileges, no user interaction, and high availability impact.
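The lock ordering described above, as an added userspace model (not kernel code and not taken from the advisory). The function names mirror those in the summary; `struct dir_lock`, the `model_` helpers and the `-EDEADLK` return in place of a real hang are assumptions made for illustration.

```c
#include <errno.h>

/* Userspace model, not kernel code: a non-recursive lock standing in for the
 * parent directory lock. A second acquire returns -EDEADLK instead of hanging. */
struct dir_lock { int held; };

static int dir_lock_acquire(struct dir_lock *l)
{
    if (l->held)
        return -EDEADLK;
    l->held = 1;
    return 0;
}

static void dir_lock_release(struct dir_lock *l) { l->held = 0; }

/* Models ksmbd_vfs_kern_path_locked(): name exists -> parent stays locked
 * (simplified assumption; only the lock state is modelled). */
static int model_kern_path_locked(struct dir_lock *parent, int name_exists)
{
    return name_exists ? dir_lock_acquire(parent) : -ENOENT;
}

/* Models ksmbd_vfs_link(): takes the parent lock itself while linking. */
static int model_vfs_link(struct dir_lock *parent)
{
    int rc = dir_lock_acquire(parent);
    if (rc == 0)
        dir_lock_release(parent);
    return rc;
}

/* ReplaceIfExists request. unlock_before_link: 0 = defective order, 1 = fixed. */
int model_create_link(int name_exists, int unlock_before_link)
{
    struct dir_lock parent = { 0 };
    int locked = (model_kern_path_locked(&parent, name_exists) == 0), rc;

    /* ksmbd_vfs_remove_file() would delete the existing name here. */
    if (locked && unlock_before_link) {
        dir_lock_release(&parent);   /* the fix: unlock before linking */
        locked = 0;
    }
    rc = model_vfs_link(&parent);
    if (locked)
        dir_lock_release(&parent);   /* pre-fix: unlock came only after link */
    return rc;
}
```

`model_create_link(1, 0)` reproduces the self-deadlock condition as an error code, while `model_create_link(1, 1)` completes.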
Defensive priority
Medium. The severity is driven by availability impact and a relatively constrained attack vector, but a kernel or server deadlock can disrupt service and may require restart or recovery action. Prioritize if ksmbd is exposed in production or operational environments.
Recommended defensive actions
- Confirm whether any affected Linux systems actually use ksmbd SMB server functionality.
- Apply the vendor-recommended update to V5.0 or later where applicable.
- If immediate patching is not possible, restrict access to SMB server functionality to trusted administrative paths only, consistent with your environment and change-control policy.
- Monitor for service hangs or unresponsive SMB server behavior that could indicate deadlock conditions.
- Validate the Siemens advisory applicability for the specific product and version in use, because the supplied vendor/product mapping has low confidence.
Evidence notes
This debrief is based only on the supplied CISA CSAF source and linked official references. The source states: (1) the vulnerability is in the Linux kernel smb/server code path, (2) the deadlock occurs when linking with ReplaceIfExists and the name already exists, (3) the fix moves ksmbd_vfs_kern_path_unlock() before ksmbd_vfs_link(), and (4) Siemens remediation guidance is to update to V5.0 or later. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The supplied vendor mapping is marked low confidence and should be treated as needing validation.
Official resources
- CVE-2025-38711 CVE record (CVE.org)
- CVE-2025-38711 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied CISA CSAF advisory on 2026-05-12, with an initial CISA republication update on 2026-05-14 from Siemens ProductCERT advisory SSA-032379.