PatchSiren cyber security CVE debrief
CVE-2025-39736 Cert Portal CVE debrief
CVE-2025-39736 describes a Linux kernel deadlock in kmemleak handling. The issue arises when a warning path can run while kmemleak_lock is already held, and the warning may re-enter kmemleak through netpoll/netconsole and try to take the same lock again. The result can be a system hang or loss of availability. The fix moves the warning call outside the locked section. The source corpus associates this CVE with Siemens advisory ICSA-26-134-10 / SSA-032379, but the technical description itself is a kernel locking issue and the product mapping should be validated before assuming exposure.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
System and platform owners who run affected Linux kernel builds, especially where netpoll or netconsole is enabled. This also matters for operators of embedded or industrial appliances that rely on vendor-managed kernel updates, including teams that need to confirm whether the Siemens advisory mapping applies to their deployment.
Technical summary
The vulnerability is a lock inversion / deadlock condition in mm/kmemleak. In mem_pool_alloc(), kmemleak_lock is taken and pr_warn_once() may be called while the lock is still held. If netpoll is enabled, that warning path can traverse netconsole, netpoll, and __alloc_skb(), which may re-enter kmemleak object creation and attempt to acquire kmemleak_lock again. The deadlock is avoided by setting a flag under the lock and issuing pr_warn_once() only after kmemleak_lock has been released. The supplied CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local, low-privilege conditions with high availability impact.
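The following user-space model is an added example, not code from the kernel or from the advisory: a non-recursive lock stands in for kmemleak_lock, and a stub warning routine stands in for the pr_warn_once() -> netconsole -> netpoll -> __alloc_skb() path that re-enters kmemleak. Instead of hanging, the model reports a re-entrant acquisition, so the vulnerable shape (warn under the lock) and the fixed shape (record under the lock, warn after release) can be compared directly. The names and the netpoll toggle are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the kmemleak pattern; not kernel code. */
static bool kmemleak_lock_held = false;  /* stands in for kmemleak_lock (non-recursive) */
static bool netpoll_enabled = true;      /* assumption: warning output re-enters via netpoll */

/* Take the lock, or report that the current context already holds it.
 * In the real kernel the second acquisition would spin forever (the hang). */
static bool lock_or_detect_deadlock(void) {
    if (kmemleak_lock_held)
        return false;
    kmemleak_lock_held = true;
    return true;
}
static void unlock(void) { kmemleak_lock_held = false; }

/* Models pr_warn_once(): with netpoll enabled, printing allocates an skb,
 * which creates a kmemleak object and therefore needs kmemleak_lock. */
static bool emit_warning(void) {
    if (!netpoll_enabled)
        return true;
    if (!lock_or_detect_deadlock())
        return false;  /* lock already held by the caller: deadlock */
    unlock();
    return true;
}

/* Vulnerable shape: warning issued while kmemleak_lock is still held.
 * Returns false when the re-entrant acquisition would deadlock. */
bool mem_pool_alloc_vulnerable(bool pool_exhausted) {
    bool ok = true;
    lock_or_detect_deadlock();
    if (pool_exhausted)
        ok = emit_warning();
    unlock();
    return ok;
}

/* Fixed shape: note the condition under the lock, warn only after release. */
bool mem_pool_alloc_fixed(bool pool_exhausted) {
    bool warn = false;
    lock_or_detect_deadlock();
    if (pool_exhausted)
        warn = true;
    unlock();
    return warn ? emit_warning() : true;  /* re-entry now acquires a free lock */
}
```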
Defensive priority
Medium
Recommended defensive actions
- Apply the vendor remediation from the source advisory: update to V5.0 or later.
- Verify whether affected systems use netpoll or netconsole, since the deadlock path depends on that subsystem behavior.
- Prioritize patching systems where a kernel hang would disrupt operational availability, especially embedded or industrial deployments.
- Confirm the exact product-to-CVE mapping for your environment, because the supplied source item flags the vendor/product attribution as low confidence and needing review.
Evidence notes
Source timing is publication on 2026-05-12 and modification on 2026-05-14, which should be used as the CVE advisory timeline. The CISA CSAF source explicitly describes the kmemleak/netpoll deadlock and states the fix is to move pr_warn() outside kmemleak_lock. The source item also ties the CVE to Siemens advisory ICSA-26-134-10 / SSA-032379, but the product mapping in that item is marked low confidence and needs review; the technical description is a Linux kernel issue, so attribution should be validated against the official vendor advisory before operational decisions are made.
Official resources
- CVE-2025-39736 CVE record (CVE.org)
- CVE-2025-39736 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory material in the supplied corpus was published on 2026-05-12 and republished/modified on 2026-05-14. The source corpus does not provide evidence of exploitation in the wild.