PatchSiren cyber security CVE debrief
CVE-2025-39795 Cert Portal CVE debrief
CVE-2025-39795 is a Linux kernel vulnerability in blk_stack_limits() where a chunk_sectors validation step could overflow an unsigned int when calculated in bytes instead of sectors. The advisory ties the issue to Siemens SIMATIC CN 4100 versions earlier than 5.0 and assigns a medium CVSS 3.1 score of 5.5. The core risk is availability impact from a local, low-privilege issue in the kernel’s block-limits handling.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Organizations running Siemens SIMATIC CN 4100 systems covered by the advisory, and teams responsible for Linux kernel maintenance on industrial or embedded platforms, should review this CVE. Security, operations, and patch management teams should prioritize it for affected assets because the fix is vendor-published and the impact is on system availability.
Technical summary
The vulnerability is described as an overflow risk in blk_stack_limits() when checking whether t->chunk_sectors is a multiple of t->physical_block_size. The problematic logic derived chunk_sectors in bytes, which could overflow the unsigned int used to hold that value. The fix changes the check to operate on sectors instead. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack conditions, low privileges, no user interaction, and high availability impact.
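As an added illustration, not code from the kernel or the advisory, the following C model contrasts the two checks described above: a byte-unit intermediate held in an unsigned int, which wraps for large chunk_sectors, and the sector-unit check that cannot overflow. The struct field names, the clearing of chunk_sectors on misalignment, and the rejection of sub-sector physical block sizes are assumptions made for this model only.

```c
#include <stdint.h>
#include <limits.h>

#define SECTOR_SHIFT 9

/* Constructed stand-in for the two block-limit fields involved.
 * Assumption: both are unsigned int, as the text implies. */
struct limits {
    unsigned int chunk_sectors;        /* chunk size in 512-byte sectors */
    unsigned int physical_block_size;  /* physical block size in bytes */
};

/* Does the byte value of chunk_sectors exceed what an unsigned int can
 * hold? This is the condition the text calls an overflow: it becomes
 * true once chunk_sectors reaches 2^23 (4 GiB in bytes). */
int chunk_bytes_overflows(unsigned int chunk_sectors)
{
    uint64_t bytes = (uint64_t)chunk_sectors << SECTOR_SHIFT;
    return bytes > UINT_MAX;
}

/* The wrapped value a 32-bit byte-unit computation actually yields. */
unsigned int chunk_bytes_wrapped(unsigned int chunk_sectors)
{
    return chunk_sectors << SECTOR_SHIFT;
}

/* Sector-unit check: is chunk_sectors a multiple of the physical block
 * size? No intermediate grows beyond the inputs, so nothing can wrap.
 * Returns 1 if aligned, 0 if not, -1 if physical_block_size is smaller
 * than one sector (rejected instead of dividing by zero). */
int chunk_aligned(const struct limits *t)
{
    unsigned int pbs_sectors = t->physical_block_size >> SECTOR_SHIFT;
    if (pbs_sectors == 0)
        return -1;
    return (t->chunk_sectors % pbs_sectors) == 0;
}

/* Simplified stacking step (constructed behaviour): on misalignment or
 * an unusable physical block size, drop the chunk limit and report it. */
int stack_chunk_limit(struct limits *t)
{
    if (chunk_aligned(t) != 1) {
        t->chunk_sectors = 0;
        return -1;
    }
    return 0;
}
```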
Defensive priority
Medium-high. The issue requires local access and low privileges, but it affects kernel logic and carries a high availability impact. For systems in scope of the Siemens advisory, patching should be treated as a prompt maintenance item rather than deferred routine work.
Recommended defensive actions
- Update affected Siemens SIMATIC CN 4100 systems to V5.0 or later, as stated in the vendor remediation guidance.
- Validate whether any deployed assets match the advisory scope before maintenance windows are scheduled.
- Track the Siemens/CISA advisory references for any clarifications or follow-on updates.
- Prioritize patching on systems where local access is possible or where availability loss would be operationally significant.
- Use standard ICS defense-in-depth and hardening practices from the cited CISA guidance while remediation is underway.
Evidence notes
This debrief is based only on the supplied CISA CSAF source item and the official reference links included with it. The source text states the Linux kernel overflow condition in blk_stack_limits(), the CVSS vector and score, and the vendor remediation recommendation to update to V5.0 or later. The vendor/product association in the supplied data is marked low confidence and needs review, so the advisory’s Siemens SIMATIC CN 4100 scope is reported as provided without overclaiming broader product applicability.
Official resources
- CVE-2025-39795 CVE record (CVE.org)
- CVE-2025-39795 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied CISA CSAF source on 2026-05-12, with a CISA republication noted on 2026-05-14. The dates used here are the CVE/source publication and modification dates provided in the corpus.