PatchSiren cyber security CVE debrief
CVE-2025-39819 Cert Portal CVE debrief
CVE-2025-39819 is a medium-severity Linux kernel SMB/CIFS issue described in Siemens and CISA advisory material. The reported bug is an inconsistent reference-count cleanup path in smb2_compound_op: when allocation of vars fails and -ENOMEM is returned, the cfile reference may not be dropped as expected, which can lead to resource leakage. The supplied advisory text says the fix adds an extra out cleanup path so the reference handling is always respected, and it treats -ENOMEM as non-recoverable for replay logic.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators and maintainers responsible for systems covered by the Siemens advisory ICSA-26-134-10 / SSA-032379, especially environments running Siemens SIMATIC CN 4100 versions earlier than 5.0. Linux kernel SMB/CIFS maintainers and defenders monitoring kernel resource leaks should also review it. The vendor mapping in the corpus is low-confidence and should be validated before broad operational assumptions are made.
Technical summary
The source describes a reference-count mismatch in smb2_compound_op. The function comment indicates that the cfile reference must be dropped after the call, and the patched path restores that cleanup by adding a goto out label so the cleanup logic is reached on every exit. The issue is triggered by allocation failure for vars: on that path the function returns -ENOMEM without dropping the cfile reference, and existing callers do not otherwise account for the refcount update. The advisory also notes that -ENOMEM is not recoverable according to is_replayable_error, so replay handling is skipped.
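The cleanup-path mistake described above, as an added and deliberately simplified C model (this is not the kernel's smb2_compound_op source): the before variant returns early on allocation failure and leaks the reference, while the after variant routes every exit through one out label. The names cfile_ref, alloc_vars and leaked_refs_after are stand-ins chosen for this illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Stand-in for the kernel's cached-file object: only the reference
 * count matters for this illustration. */
struct cfile_ref { int refcount; };

static void cfile_put(struct cfile_ref *cfile) { cfile->refcount--; }

/* Stand-in for the vars allocation; fail_alloc simulates the -ENOMEM path. */
static void *alloc_vars(int fail_alloc) { return fail_alloc ? NULL : malloc(64); }

/* Before: the early return on allocation failure skips the cfile_put()
 * that the caller expects this function to perform, so the reference leaks. */
int compound_op_before(struct cfile_ref *cfile, int fail_alloc)
{
    void *vars = alloc_vars(fail_alloc);
    if (!vars)
        return -ENOMEM;          /* leak: cfile reference is never dropped */
    /* ... compound request work would happen here ... */
    free(vars);
    cfile_put(cfile);
    return 0;
}

/* After: a single out label guarantees the reference is dropped on every path. */
int compound_op_after(struct cfile_ref *cfile, int fail_alloc)
{
    int rc = 0;
    void *vars = alloc_vars(fail_alloc);
    if (!vars) {
        rc = -ENOMEM;
        goto out;
    }
    /* ... compound request work would happen here ... */
    free(vars);
out:
    cfile_put(cfile);
    return rc;
}

/* Run one variant and report the refcount left behind:
 * 1 means the reference leaked, 0 means it was cleaned up. */
int leaked_refs_after(int (*op)(struct cfile_ref *, int), int fail_alloc)
{
    struct cfile_ref cfile = { .refcount = 1 };  /* constructed: caller holds one ref */
    (void)op(&cfile, fail_alloc);
    return cfile.refcount;
}
```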
Defensive priority
Medium. The reported impact is availability-oriented resource leakage rather than direct code execution or integrity compromise, and the CVSS vector in the source is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Prioritize if the affected Siemens product mapping applies to your environment or if you rely on the impacted Linux SMB code path.
Recommended defensive actions
- Apply the vendor remediation from the advisory: update to V5.0 or later for the affected Siemens product line named in the source corpus.
- Review whether any deployed systems match the advisory scope in ICSA-26-134-10 / SSA-032379 before scheduling maintenance.
- Monitor affected hosts for signs of repeated resource exhaustion or instability associated with SMB/CIFS operations.
- Validate the vendor/product mapping in your asset inventory, because the supplied corpus marks the vendor confidence as low and flags the mapping for review.
- Track the linked CISA and Siemens advisories for any follow-up revisions or clarifications.
Evidence notes
All substantive statements here are drawn from the supplied source corpus and linked official references. The corpus contains a Linux kernel SMB refcount cleanup description, while the vendor metadata maps the advisory to Siemens SIMATIC CN 4100 vers:intdot/<5.0 with low confidence and needsReview=true. Timing uses the supplied published/modified dates: 2026-05-12 initial publication and 2026-05-14 republication/modify date. No exploit details beyond the advisory summary are included.
Official resources
- CVE-2025-39819 CVE record (CVE.org)
- CVE-2025-39819 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory material was published on 2026-05-12 and republished/modified on 2026-05-14 according to the supplied timeline and source metadata.