PatchSiren cyber security CVE debrief
CVE-2025-39675 Cert Portal CVE debrief
CVE-2025-39675 describes a missing null-pointer check in the Linux kernel AMD display HDCP session creation path. If get_first_active_display() returns null because the display list is empty, the function could dereference a null pointer. The advisory reports a fix that adds the check and returns MOD_HDCP_STATUS_DISPLAY_NOT_FOUND instead. The supplied source corpus also maps this issue to a Siemens SIMATIC CN 4100 advisory, but it does not explain the exact product exposure path, so the vendor/product association should be treated cautiously.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Defenders and operators responsible for Linux-based systems that include AMD display/HDCP components, and Siemens SIMATIC CN 4100 users tracking the referenced advisory, should review this issue. Because the source corpus ties the CVE to an OT advisory with low-confidence vendor metadata, asset owners should validate whether their deployed product or firmware actually contains the affected code path.
Technical summary
The vulnerability is a null-pointer dereference in mod_hdcp_hdcp1_create_session(). The function calls get_first_active_display() and previously did not verify whether the returned pointer was null. When the display list is empty, a null return could lead to a crash or denial of service. The fix adds a null check and returns MOD_HDCP_STATUS_DISPLAY_NOT_FOUND. The advisory references a similar prior kernel commit that added a null check for get_first_active_display().
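The pattern described above, shown as an added example: a simplified user-space model in C, not the kernel's code and not part of the advisory. Only get_first_active_display() and MOD_HDCP_STATUS_DISPLAY_NOT_FOUND are names from the advisory text; the struct layouts, MAX_DISPLAYS, the session_display field and the create_session_* function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Reduced stand-in for the status enum (assumption), not the kernel's definition. */
enum mod_hdcp_status {
    MOD_HDCP_STATUS_SUCCESS = 0,
    MOD_HDCP_STATUS_DISPLAY_NOT_FOUND
};

#define MAX_DISPLAYS 4                           /* hypothetical list size */
struct display { int active; uint8_t index; };   /* hypothetical layout */
struct hdcp_ctx {                                /* hypothetical layout */
    struct display displays[MAX_DISPLAYS];
    uint8_t session_display;   /* display index bound to the session */
};

/* Returns the first active display, or NULL when no display is active. */
struct display *get_first_active_display(struct hdcp_ctx *ctx)
{
    for (size_t i = 0; i < MAX_DISPLAYS; i++)
        if (ctx->displays[i].active)
            return &ctx->displays[i];
    return NULL;
}

/* Pre-fix pattern: the returned pointer is used without a check, so an
 * empty display list ends in a NULL dereference (crash). */
enum mod_hdcp_status create_session_unchecked(struct hdcp_ctx *ctx)
{
    struct display *d = get_first_active_display(ctx);
    ctx->session_display = d->index;   /* faults when d == NULL */
    return MOD_HDCP_STATUS_SUCCESS;
}

/* Post-fix pattern: report the missing display to the caller instead. */
enum mod_hdcp_status create_session_checked(struct hdcp_ctx *ctx)
{
    struct display *d = get_first_active_display(ctx);
    if (!d)
        return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND;
    ctx->session_display = d->index;
    return MOD_HDCP_STATUS_SUCCESS;
}

int main(void)
{
    struct hdcp_ctx empty = {0};   /* constructed input: no active displays */
    return create_session_checked(&empty) == MOD_HDCP_STATUS_DISPLAY_NOT_FOUND ? 0 : 1;
}
```

The checked variant turns the empty-list case into an error code the caller can handle, which is the behaviour the advisory attributes to the fix.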
Defensive priority
Medium. The CVSS vector supplied in the source corpus is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local-impact availability issue. Prioritize this for systems where local access is plausible and where a crash in the graphics/HDCP path would materially affect operations.
Recommended defensive actions
- Update to V5.0 or later, as stated in the vendor remediation guidance.
- Confirm whether affected Linux kernel components or vendor firmware are present in your environment before scheduling maintenance.
- Review systems that rely on AMD display/HDCP functionality for stability-sensitive workloads.
- Monitor vendor and CISA advisories for any clarification of the Siemens SIMATIC CN 4100 scope or affected versions.
- Use standard ICS defense-in-depth and hardening practices referenced by CISA while remediation is being planned.
Evidence notes
The source corpus states the issue was published on 2026-05-12 and modified on 2026-05-14, with the modified entry described as an initial CISA republication of Siemens ProductCERT advisory SSA-032379. The advisory text explicitly describes a missing null check in mod_hdcp_hdcp1_create_session() and cites the return of MOD_HDCP_STATUS_DISPLAY_NOT_FOUND as the fix. The corpus also includes a vendor/product mapping to Siemens SIMATIC CN 4100 vers:intdot/<5.0, but that mapping is marked low confidence and needs review. No exploit code or weaponized details are present in this debrief.
Official resources
- CVE-2025-39675 CVE record (CVE.org)
- CVE-2025-39675 NVD detail (NVD)
- Source item URL (cisa_csaf)
CVE-2025-39675 was published on 2026-05-12 and modified on 2026-05-14. The source corpus describes the 2026-05-14 update as CISA's initial republication of Siemens ProductCERT advisory SSA-032379.