PatchSiren cyber security CVE debrief
CVE-2025-39737 Cert Portal CVE debrief
CVE-2025-39737 is an availability issue in the Linux kernel’s kmemleak cleanup path. According to the supplied advisory text, disabling kmemleak after object-allocation failure can leave __kmemleak_do_cleanup() processing a very large number of objects one by one, which can monopolize CPU time and trigger a soft lockup. The source corpus ties the CVE to Siemens advisory ICSA-26-134-10 / SSA-032379 and maps it to Siemens SIMATIC CN 4100 versions before 5.0, with a CVSS v3.1 score of 5.5 (Medium).
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Administrators and operators who rely on the Siemens advisory scope in the source corpus (SIMATIC CN 4100 versions before 5.0), plus Linux kernel maintainers and test/debug environments that enable kmemleak and watchdog monitoring.
Technical summary
The reported condition occurs in mm/kmemleak when kmemleak is disabled after it cannot allocate more kmemleak objects. Cleanup then iterates through many existing objects in __kmemleak_do_cleanup(), deleting them individually via a workqueue. On a debug kernel with a large kmemleak object pool, the repeated per-object work and locking can run long enough to cause a soft lockup warning. The supplied description says the fix is to add periodic cond_resched() calls during iteration so the kernel can yield and avoid the lockup.
Defensive priority
Medium. The impact is availability-only and appears limited to systems that hit the kmemleak-disabled cleanup path, but the supplied advisory still assigns CVSS 5.5 and recommends remediation.
Recommended defensive actions
- Apply the vendor remediation in the source corpus: update to V5.0 or later for the affected Siemens product scope.
- Treat the issue as an availability risk in debug, test, or maintenance environments where kmemleak is enabled.
- Watch for watchdog soft lockup messages and unusual delays in kmemleak cleanup on affected systems.
- Review whether kmemleak-enabled debug configurations are present in environments that should not run them.
- Use the Siemens and CISA advisory links in the source corpus to confirm the exact product scope before scheduling remediation.
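Added example, not code from the advisory, Siemens or the kernel: a small Python triage script for the "watch for watchdog soft lockup messages" item above. It groups each watchdog soft-lockup header in dmesg-style lines with the RIP and Call Trace frames that follow it and flags reports whose trace runs through __kmemleak_do_cleanup; the log lines and frame offsets are constructed samples, not a real capture.

```python
import re
# Header the watchdog prints for a soft lockup, e.g.
# "watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [kworker/3:1:412]"
SOFT_LOCKUP_RE = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<task>[^\]]+)\]"
)
# A RIP or Call Trace entry such as "__kmemleak_do_cleanup+0x8c/0x120".
FRAME_RE = re.compile(r"\b(?P<sym>[A-Za-z_][A-Za-z0-9_.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Function named in the advisory text; a report whose trace contains it is flagged.
KMEMLEAK_CLEANUP_SYMBOL = "__kmemleak_do_cleanup"
# Constructed sample log (not a real capture): a kmemleak allocation failure,
# a soft lockup inside the cleanup path, then an unrelated soft lockup.
SAMPLE_LOG = """\
[  812.104233] kmemleak: Cannot allocate a kmemleak_object structure
[  812.104240] kmemleak: Kernel memory leak detector disabled
[  838.220011] watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [kworker/3:1:412]
[  838.220050] RIP: 0010:__kmemleak_do_cleanup+0x8c/0x120
[  838.220070] Call Trace:
[  838.220075]  ? __kmemleak_do_cleanup+0x8c/0x120
[  838.220080]  process_one_work+0x1c4/0x3d0
[  838.220083]  worker_thread+0x4d/0x3b0
[  901.000001] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [stress:2201]
[  901.000010] RIP: 0010:copy_user_generic_string+0x2c/0x40
[  901.000020] Call Trace:
[  901.000025]  ? do_syscall_64+0x5b/0x180
"""

def parse_soft_lockups(lines):
    """Group each soft-lockup header with the frame symbols that follow it."""
    reports, current = [], None
    for line in lines:
        header = SOFT_LOCKUP_RE.search(line)
        if header:  # new report: later frame lines belong to it
            current = {"cpu": int(header.group("cpu")), "secs": int(header.group("secs")),
                       "task": header.group("task"), "frames": []}
            reports.append(current)
        elif current is not None:
            frame = FRAME_RE.search(line)
            if frame:
                current["frames"].append(frame.group("sym"))
    return reports

def kmemleak_cleanup_lockups(lines):
    """Keep only reports whose trace runs through the kmemleak cleanup function."""
    return [r for r in parse_soft_lockups(lines) if KMEMLEAK_CLEANUP_SYMBOL in r["frames"]]

for r in kmemleak_cleanup_lockups(SAMPLE_LOG.splitlines()):
    print(f"CPU#{r['cpu']} stuck {r['secs']}s in {r['task']}: {' <- '.join(r['frames'])}")
```

On a live host, feed it `dmesg` or journal output; an unrelated soft lockup is still parsed but not flagged.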
Evidence notes
The source corpus contains a Linux-kernel-style fix description for kmemleak cleanup, while the advisory metadata maps the CVE to Siemens SIMATIC CN 4100 vers:intdot/<5.0. That product association is explicitly marked low confidence / needs review in the provided data, so the product mapping should be validated against the linked Siemens and CISA advisories. The corpus also states CVSS v3.1 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Official resources
- CVE-2025-39737 CVE record (CVE.org)
- CVE-2025-39737 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published in the supplied source corpus on 2026-05-12 and modified on 2026-05-14. The corpus also notes a CISA republication on 2026-05-14 of Siemens ProductCERT advisory SSA-032379. These are advisory publication dates, not the original CV