PatchSiren

CVE-2025-39783 Cert Portal CVE debrief

CVE-2025-39783 is a Linux kernel PCI endpoint bug that can trigger a KASAN use-after-free warning during teardown of an endpoint function driver with a configfs attribute group. The issue comes from calling list_del() on epf_group in pci_epf_remove_cfs(), even though epf_group is a list head rather than a list entry. In the supplied advisory corpus, Siemens maps the issue to SIMATIC CN 4100 versions before 5.0 and recommends upgrading to V5.0 or later.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Operators and maintainers of Siemens SIMATIC CN 4100 systems, especially those running affected versions or using PCI endpoint function drivers with configfs attribute groups. Linux kernel and embedded platform teams that integrate or unload these drivers should also review it.

Technical summary

The vulnerable path is pci_epf_remove_cfs() in the Linux kernel PCI endpoint framework. The bug is an incorrect list_del() call on struct pci_epf_driver.epf_group, which is a list head, not a list entry. When an endpoint function driver with a configfs attribute group is removed, the bad list operation can touch freed memory and produce a slab-use-after-free/KASAN report. The supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8 High), indicating local access and low privileges, but potentially severe confidentiality, integrity, and availability impact if the affected code path is reachable.
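
The list-head versus list-entry mistake described above, as an added userspace C model (not kernel code and not taken from the advisory). The `live` flag, `bad_writes` counter and `model_free()` are hypothetical stand-ins for KASAN and kfree(), and the model assumes the entries have already been freed when list_del() runs on the head.

```c
#include <stdbool.h>

/* Userspace model of the kernel's circular list; 'live' is a KASAN stand-in. */
struct list_head { struct list_head *next, *prev; bool live; };
static int bad_writes; /* pointer writes that landed in "freed" nodes */

static void list_init(struct list_head *h) { h->next = h->prev = h; h->live = true; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->live = true; n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* list_del() rewrites both neighbours' pointers, so both must still be live. */
static void list_del(struct list_head *e)
{
    bad_writes += !e->next->live + !e->prev->live;
    e->next->prev = e->prev;
    e->prev->next = e->next;
}

static bool list_empty(const struct list_head *h) { return h->next == h; }
/* Model of kfree(): mark dead but keep storage, so the demo stays well defined. */
static void model_free(struct list_head *n) { n->live = false; }

/* Buggy teardown: entries are freed while linked, then list_del() hits the head. */
int teardown_buggy(void)
{
    struct list_head head, a, b;
    bad_writes = 0;
    list_init(&head); list_add_tail(&a, &head); list_add_tail(&b, &head);
    model_free(&a); model_free(&b);
    list_del(&head); /* head's neighbours are the freed entries a and b */
    return bad_writes;
}

/* Corrected pattern: unlink each entry before freeing it; the head ends empty. */
int teardown_fixed(void)
{
    struct list_head head, a, b;
    bad_writes = 0;
    list_init(&head); list_add_tail(&a, &head); list_add_tail(&b, &head);
    list_del(&a); model_free(&a);
    list_del(&b); model_free(&b);
    return list_empty(&head) ? bad_writes : -1;
}

int main(void) { return (teardown_buggy() == 2 && teardown_fixed() == 0) ? 0 : 1; }
```

In the buggy path both pointer updates made by list_del() on the head land in freed entries, which is the kind of access a KASAN slab-use-after-free report flags.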

Defensive priority

High for affected deployments. The bug is local rather than remote, but the source advisory rates it High and provides a vendor fix. Prioritize patching if the affected kernel-derived component is present in production or field devices, especially where module teardown or configfs-based endpoint drivers are used.

Recommended defensive actions

  • Upgrade to Siemens SIMATIC CN 4100 V5.0 or later, as recommended in the supplied advisory.
  • Inventory devices and builds that include the affected PCI endpoint framework and configfs-based endpoint function drivers.
  • Check whether any operational workflows load or unload the affected module path, since the issue is triggered during teardown.
  • Use the official Siemens and CISA advisory links to confirm affected product coverage and remediation scope.
  • Track whether your deployment inherits this Linux kernel code path through a vendor image or downstream firmware package.
  • Treat the issue as a patching priority even if it is not remotely exploitable, because the reported impact is high and the fix is available.

Evidence notes

The supplied source item is CISA CSAF ICSA-26-134-10, republishing Siemens ProductCERT advisory SSA-032379. It describes the Linux kernel PCI endpoint teardown bug, including the incorrect list_del() on epf_group and the KASAN slab-use-after-free report. The source item also supplies CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and remediation to update to V5.0 or later. The enrichment shows no KEV entry, and the advisory contains no threat entries in the supplied corpus.

Official resources

CVE published on 2026-05-12 and modified on 2026-05-14; the source advisory was also published on 2026-05-12 and republished by CISA on 2026-05-14.