PatchSiren cyber security CVE debrief
CVE-2025-39756 Cert Portal CVE debrief
CVE-2025-39756 describes a Linux kernel file-descriptor table allocation flaw that can be reached when fs.nr_open is set very high and a process operates near the descriptor limit. In that case, the kernel may attempt an allocation larger than INT_MAX, producing a warning in mm/slub.c and wasting resources; the advisory describes a fix that rejects oversized allocations instead of reaching the warning path.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Linux kernel maintainers, appliance vendors, and operators of Linux-based systems that raise fs.nr_open or RLIMIT_NOFILE, especially environments that run selftests, high-descriptor workloads, or Siemens SIMATIC CN 4100 systems mapped to this advisory.
Technical summary
The source advisory says that when sysctl_nr_open is configured near its maximum, a local process can trigger alloc_fdtable() to request an impractically large fd-table allocation. The reported path can exceed INT_MAX, leading kvmalloc_array()/kvmalloc() to warn and attempt very large allocations; the described remedy is to add a size check in alloc_fdtable() so the operation fails cleanly with -EMFILE instead of emitting the kernel warning. The supplied metadata maps the issue to Siemens SIMATIC CN 4100 vers:intdot/<5.0, but that product mapping should be treated cautiously because the vulnerability text itself is Linux-kernel-specific.
Defensive priority
Medium. The impact is availability-only and requires local conditions, but the trigger is plausible on systems that permit very large file-descriptor limits, and the kernel warning indicates an avoidable resource-intensive failure path.
Recommended defensive actions
- Apply the vendor remediation listed in the advisory: update affected Siemens SIMATIC CN 4100 systems to V5.0 or later.
- Deploy a Linux kernel build that includes the alloc_fdtable() INT_MAX guard described in the advisory.
- Review fs.nr_open and RLIMIT_NOFILE settings and avoid setting them near the maximum unless there is a clear operational need.
- Test any selftests or applications that exercise very high file-descriptor counts in a staging environment before rollout.
- Monitor kernel logs for mm/slub.c and __kvmalloc_node_noprof warnings and investigate systems with unusually high descriptor limits.
Evidence notes
The supplied timeline places public disclosure on 2026-05-12 and a CISA republication on 2026-05-14. The source advisory text states that high fs.nr_open values can cause fd-table allocations to exceed INT_MAX, producing a warning in mm/slub.c, and that the fix is to reject oversized requests in alloc_fdtable() with -EMFILE. The source metadata also contains a product mapping to Siemens SIMATIC CN 4100, but that mapping appears inconsistent with the Linux-kernel description and should be reviewed.
Official resources
-
CVE-2025-39756 CVE record
CVE.org
-
CVE-2025-39756 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF advisory ICSA-26-134-10 on 2026-05-12, with CISA republication of the Siemens advisory on 2026-05-14.