PatchSiren cyber security CVE debrief
CVE-2025-39788 Cert Portal CVE debrief
CVE-2025-39788 is a Linux kernel bug in the ufs-exynos storage driver where a left-shift expression can overflow integer width when the number of UTP transfer request slots is 32. On affected systems, the driver may write the wrong value to UTRL_NEXUS_TYPE, and the same fix was applied for UTMRL_NEXUS_TYPE for consistency. The source advisory also notes a UBSAN shift-out-of-bounds warning. The supplied advisory metadata is internally inconsistent about product naming, so the kernel-side vulnerability description should be treated as the primary evidence.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Linux kernel and embedded-platform maintainers who use the ufs-exynos driver path, especially on gs101-class hardware, and security teams tracking the Siemens/CISA advisory feed. Because the provided product metadata does not cleanly match the kernel issue description, asset owners should verify applicability before scheduling remediation.
Technical summary
The issue is undefined behavior caused by shifting a literal of type int by 32 bits when computing the UTRL_NEXUS_TYPE value. In the reported gs101 case, an incorrect register value is programmed: the advisory states the value should be 0xffffffff, but 0 is written instead. The fix switches to the BIT() macro so the shift is performed with correct typing and width handling, and the same change is applied to the UTMRL_NEXUS_TYPE write. The advisory references a UBSAN shift-out-of-bounds warning at drivers/ufs/host/ufs-exynos.c:1113:21.
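The width problem described above, as an added example that is not code from the advisory or the kernel source: it compares a model of the int-typed shift with a shift done in a wider type, across slot counts up to 32. The macro BIT64 and all function names are hypothetical, and the pre-fix result is modelled on the assumption that the CPU masks a 32-bit shift count to 5 bits, which reproduces the 0 reported for 32 slots.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's BIT() on a 64-bit build; the name BIT64 is
 * hypothetical and keeps the example independent of kernel headers. */
#define BIT64(n) (UINT64_C(1) << (n))

/* Model of the pre-fix pattern (1 << nslots) - 1. The real expression is
 * undefined behaviour for nslots >= 32, so it is modelled rather than run.
 * Assumption: the CPU masks a 32-bit shift count to 5 bits, which gives
 * the 0 that the advisory reports for 32 slots. */
static uint32_t mask_int_shift_model(unsigned nslots)
{
    return (UINT32_C(1) << (nslots & 31u)) - 1u;
}

/* Post-fix pattern: shift in a 64-bit type, then truncate to the register. */
static uint32_t mask_wide_shift(unsigned nslots)
{
    return (uint32_t)(BIT64(nslots) - 1u);
}

/* Smallest slot count in 1..32 where the two forms disagree, or 0 if none. */
static unsigned first_divergent_slots(void)
{
    for (unsigned n = 1; n <= 32; n++)
        if (mask_int_shift_model(n) != mask_wide_shift(n))
            return n;
    return 0;
}

int main(void)
{
    static const unsigned counts[] = { 8, 16, 31, 32 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("slots=%2u  int-shift=0x%08x  wide-shift=0x%08x\n", counts[i],
               (unsigned)mask_int_shift_model(counts[i]),
               (unsigned)mask_wide_shift(counts[i]));
    printf("first divergent slot count: %u\n", first_divergent_slots());
    return 0;
}
```

The two forms agree for every slot count below 32, which is why the defect only surfaces on hardware that exposes exactly 32 slots.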
Defensive priority
Medium. The CVSS score in the supplied source is 5.5 with availability impact only, and there is no KEV listing. Prioritize if you operate affected Linux/embedded devices that use the ufs-exynos driver path, but this is not presented as an emergency internet-facing exploitation issue in the source corpus.
Recommended defensive actions
- Update to the fixed version identified in the source advisory: V5.0 or later.
- Verify whether your devices actually use the affected Linux ufs-exynos driver path and gs101-class configuration before prioritizing rollout.
- Check for kernel logs or test output indicating UBSAN shift-out-of-bounds warnings in drivers/ufs/host/ufs-exynos.c.
- Treat the advisory's product mapping cautiously and confirm scope against your own inventory because the provided metadata appears inconsistent.
- Use standard change control and regression testing for storage-driver updates on embedded/industrial devices.
Evidence notes
Primary evidence comes from the CISA CSAF source item and its referenced Siemens ProductCERT advisory. The source description states the shift/typing issue, the gs101 context, the incorrect 0xffffffff-vs-0 register programming detail, and the UBSAN warning. The timeline fields show publication on 2026-05-12 and republication on 2026-05-14. No KEV entry is present. The vendor/product fields in the supplied prompt appear mismatched with the kernel vulnerability text, so this debrief prioritizes the advisory body over the metadata labels.
Official resources
- CVE-2025-39788 CVE record (CVE.org)
- CVE-2025-39788 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the source corpus on 2026-05-12, with a CISA republication/update on 2026-05-14. No KEV listing was supplied.