PatchSiren cyber security CVE debrief
CVE-2025-38714 Cert Portal CVE debrief
CVE-2025-38714 is a Linux kernel memory-safety issue in hfsplus_bnode_read() that can produce a slab-out-of-bounds read. The supplied advisory data shows the fault being hit under KASAN during HFS+ metadata operations and assigns CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. Because the source corpus is a republished Siemens/CISA advisory with product metadata that does not clearly match the Linux kernel description, scope should be validated before assuming product impact.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Linux administrators and security teams that run kernels with HFS+ filesystem support, especially on systems that may process untrusted or removable HFS+ media. OT and Siemens-focused teams should also verify whether the republished advisory actually applies to their SIMATIC CN 4100 deployments, since the supplied metadata appears inconsistent.
Technical summary
The advisory text says the Linux kernel issue is resolved by fixing a slab-out-of-bounds read in hfsplus_bnode_read(). The provided crash trace shows KASAN reporting an 8-byte read past a slab object while handling HFS+ bnode operations, with the stack reaching hfsplus_brec_remove(), __hfsplus_delete_attr(), hfsplus_delete_all_attrs(), and hfsplus_delete_cat() during an unlink path. The supplied CVSS vector indicates a local, low-privilege, no-UI attack path with high confidentiality, integrity, and availability impact if the vulnerable code path is reachable.
Defensive priority
High, with applicability validation first because the supplied advisory metadata is inconsistent.
Recommended defensive actions
- Apply the vendor-provided fix path listed in the advisory and update to V5.0 or later where applicable.
- Review whether any deployed systems actually use the affected Linux hfsplus code path or the Siemens product named in the republished advisory.
- Restrict exposure to removable or untrusted HFS+ media where practical.
- Monitor for filesystem-related crashes, KASAN-style findings, or unexpected behavior in HFS+ metadata operations on test and production systems.
- Use the official CISA and Siemens advisory links to confirm scope and remediation before scheduling changes.
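The monitoring item above can be made concrete by scanning kernel logs for the KASAN pattern the advisory describes. The following is an added example, not code from the advisory or the kernel project; it parses dmesg/journal lines into KASAN reports and keeps only slab-out-of-bounds reports whose faulting function or call trace is inside the hfsplus driver. The sample log text is constructed to match the trace shape in the technical summary (hfsplus_bnode_read, hfsplus_brec_remove, __hfsplus_delete_attr, hfsplus_delete_all_attrs, hfsplus_delete_cat) and is not a real capture.

```python
import re
# Line shapes of a KASAN report; real reports also carry kasan_* and dump_stack frames.
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr")
FRAME_RE = re.compile(r"^\s+(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TRACE_END = ("Allocated by", "Freed by", "The buggy address", "Memory state")

def parse_kasan_reports(lines):
    """Group log lines into reports: kind, faulting function, access op/size, trace frames."""
    findings, current, in_trace = [], None, False
    for line in lines:
        if m := BUG_RE.search(line):
            current = {"kind": m["kind"], "func": m["func"], "op": "", "size": 0, "frames": []}
            findings.append(current)
            in_trace = False
        elif current is None:
            continue
        elif m := ACCESS_RE.search(line):
            current["op"], current["size"] = m["op"], int(m["size"])
        elif line.strip() == "Call Trace:":
            in_trace = True
        elif in_trace:
            if not line.strip() or line.startswith(TRACE_END):
                in_trace = False
            elif m := FRAME_RE.match(line):
                current["frames"].append(m["func"])
    return findings

def hfsplus_oob_findings(lines):
    """Keep slab-out-of-bounds reports whose fault or call trace is inside the hfsplus driver."""
    def in_hfsplus(name):
        return name.lstrip("_").startswith("hfsplus_")
    return [f for f in parse_kasan_reports(lines)
            if f["kind"] == "slab-out-of-bounds"
            and (in_hfsplus(f["func"]) or any(in_hfsplus(x) for x in f["frames"]))]

# Constructed sample modelled on the trace the advisory describes; not a real capture.
SAMPLE_DMESG = """\
BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x1a4/0x2b0
Read of size 8 at addr ffff888010a0c3f8 by task rm/1234
Call Trace:
 hfsplus_bnode_read+0x1a4/0x2b0
 hfsplus_brec_remove+0x1c0/0x3a0
 __hfsplus_delete_attr+0x2e4/0x4c0
 hfsplus_delete_all_attrs+0x11d/0x2a0
 hfsplus_delete_cat+0x4e2/0x7a0
Allocated by task 1234:
BUG: KASAN: use-after-free in unrelated_driver_read+0x10/0x20
Read of size 4 at addr ffff888010a0c000 by task cat/99
""".splitlines()
```

On a live system, feed `hfsplus_oob_findings` the output of `dmesg` or `journalctl -k` instead of the constructed sample; the unrelated second report in the sample shows that non-hfsplus findings are filtered out.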
Evidence notes
Source item ICSA-26-134-10 (published 2026-05-12, republished 2026-05-14) describes CVE-2025-38714 as a Linux kernel hfsplus_bnode_read() slab-out-of-bounds issue and includes a KASAN crash trace from an unlink-related path. The supplied remediation says to update to V5.0 or later, but the vendor/product metadata in the corpus is low confidence and appears inconsistent with the Linux kernel description, so applicability should be confirmed directly from the official advisories.
Official resources
- CVE-2025-38714 CVE record (CVE.org)
- CVE-2025-38714 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published 2026-05-12 and modified 2026-05-14 in the supplied advisory timeline. CISA republished the Siemens ProductCERT advisory on 2026-05-14. The source corpus should be treated as low-confidence for product applicability because its Sie