PatchSiren cyber security CVE debrief

CVE-2025-38712 Cert Portal CVE debrief

CVE-2025-38712 is a denial-of-service issue in the Linux kernel hfsplus path. According to the advisory text, if a volume header contains erroneous values that do not match the filesystem’s actual state, hfsplus_fill_super() may assume the attributes file does not yet exist and later reach BUG_ON() in hfsplus_create_attributes_file(). The fix replaces the BUG_ON() with an -EIO error and advises running fsck. The provided advisory was published on 2026-05-12 and republished on 2026-05-14. The supplied source record also maps the issue to Siemens SIMATIC CN 4100 V5.0 and earlier, but that product mapping should be treated cautiously because the vulnerability description itself is for the Linux kernel hfsplus code path.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Administrators and operators responsible for systems that may mount HFS+ filesystems, especially where untrusted or damaged media can be introduced. In the provided advisory mapping, Siemens SIMATIC CN 4100 deployments are also listed as affected, so OT/ICS teams should validate whether that vendor guidance applies to their environment.

Technical summary

The issue is caused by a bad assumption in hfsplus_fill_super(): if the volume header is inconsistent, the code path can conclude the attributes file has not been created and later hit BUG_ON() in hfsplus_create_attributes_file(). That turns filesystem metadata corruption into a kernel crash condition. The advisory states the remedy is to return -EIO instead of triggering BUG_ON(), and to suggest running fsck. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which aligns with a local availability impact rather than a confidentiality or integrity issue.

Defensive priority

Medium. This is an availability-focused kernel crash issue that should be remediated promptly in environments that mount HFS+ media or rely on the mapped Siemens product advisory.

Recommended defensive actions

  • Update to the vendor-fixed version specified in the advisory: V5.0 or later, if your environment matches the Siemens product mapping in the source record.
  • If HFS+ volumes are used, inspect and repair suspect media with fsck before mounting them in production.
  • Restrict the introduction of untrusted or damaged removable media and disk images into systems that may parse HFS+ filesystems.
  • Monitor for filesystem mount failures, kernel warnings, and unexpected reboots that could indicate malformed filesystem metadata.
  • Apply CISA-recommended defense-in-depth and industrial control system security practices appropriate to your environment.
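
One way to act on the exposure and monitoring points above, as an added example that is not part of the advisory or of any vendor tooling: a POSIX shell triage that reads copies of /proc/mounts, /proc/filesystems and a kernel log. The shell function names, file names and sample log lines are assumptions constructed for illustration; only hfsplus_create_attributes_file is taken from the advisory text.

```sh
#!/bin/sh
# Added example (not from the advisory): triage one Linux host for the hfsplus issue.
# Inputs are file paths so saved copies from another host can be checked offline.

# Report "mounted" if an HFS+ volume is mounted, "registered" if the driver is
# live in the kernel but unused, "not-registered" otherwise. An unloaded module
# can still be auto-loaded at mount time, so "not-registered" is not "immune".
hfsplus_exposure() {
    mounts="${1:-/proc/mounts}"; fstypes="${2:-/proc/filesystems}"
    # /proc/mounts fields: device mountpoint fstype options dump pass
    if awk '$3 == "hfsplus" { f = 1 } END { exit !f }' "$mounts"; then
        echo mounted
    # /proc/filesystems: optional "nodev", then the filesystem name
    elif awk '$NF == "hfsplus" { f = 1 } END { exit !f }' "$fstypes"; then
        echo registered
    else
        echo not-registered
    fi
}

# Print "yes" if a kernel log shows a BUG report followed by a trace line naming
# hfsplus_create_attributes_file (the function named in the advisory), else "no".
hfsplus_bug_seen() {
    awk '/kernel BUG at/ { bug = 1 }
         bug && /hfsplus_create_attributes_file/ { hit = 1 }
         END { print (hit ? "yes" : "no") }' "$1"
}

# Write CONSTRUCTED sample inputs into directory $1 (paths, offsets, timestamps invented).
write_samples() {
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sdb1 /mnt/usb hfsplus ro,nosuid,nodev 0 0' > "$1/mounts"
    printf 'nodev\tsysfs\n\text4\n\thfsplus\n' > "$1/filesystems"
    printf 'nodev\tsysfs\n\text4\n' > "$1/filesystems.clean"
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' > "$1/mounts.clean"
    printf '%s\n' '[ 101.000001] kernel BUG at PLACEHOLDER.c:0!' \
        '[ 101.000002] Call Trace:' \
        '[ 101.000003]  hfsplus_create_attributes_file+0x10/0x200' > "$1/kern.log"
    printf '%s\n' '[ 55.000001] EXT4-fs (sda1): mounted filesystem' > "$1/kern.clean"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_samples "$d"
    hfsplus_exposure "$d/mounts" "$d/filesystems"   # mounted
    hfsplus_bug_seen "$d/kern.log"                  # yes
    rm -rf "$d"
fi
```

Called with no arguments, hfsplus_exposure reads the live /proc files; the log check covers only the pre-fix BUG_ON() crash, since the advisory does not quote the message printed by the fixed -EIO path.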

Evidence notes

The source advisory text explicitly states that malformed volume header values can lead to BUG_ON() in hfsplus_create_attributes_file(), and that the fix is to replace BUG_ON() with an -EIO error and a suggestion to run fsck. The provided metadata assigns CVSS 5.5/Medium with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The record was published on 2026-05-12 and modified on 2026-05-14. The source data also contains a product mapping to Siemens SIMATIC CN 4100 V5.0 and earlier, but that mapping is inconsistent with the Linux kernel hfsplus description and should be reviewed.

Official resources

Public advisory date in the supplied record: 2026-05-12. Source record modified: 2026-05-14. No KEV entry is listed in the provided data.