PatchSiren cyber security CVE debrief

CVE-2025-39835 Cert Portal CVE debrief

CISA published this advisory on 2026-05-12 and republished it on 2026-05-14 with Siemens ProductCERT material. The vulnerability text describes a Linux kernel XFS extended-attribute (xattr) handling flaw. XFS defines ENOATTR as ENODATA, so a buffer read that fails with ENODATA (for example, because of a media error) is indistinguishable, inside the xattr code, from "attribute not found". The result is misleading user-visible errors and, in xfs_attr_leaf_get(), a path that hands a buffer pointer that was never set to xfs_trans_brelse(), a null-pointer dereference. The source metadata also maps the issue to Siemens SIMATIC CN 4100 < 5.0. Siemens ProductCERT does republish Linux kernel CVEs against products that ship a Linux kernel, which would account for the mapping, but the text on this page is kernel-specific and does not state that the product uses XFS, so applicability should be validated before taking action.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100, versions < 5.0 (vers:intdot/<5.0)
CVSS: 5.5 (Medium)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Linux kernel and storage administrators, XFS maintainers, and operators of Linux systems that mount XFS filesystems, particularly on storage that can return media errors. If you run Siemens SIMATIC CN 4100 or related products named in the advisory, confirm whether the listed remediation (V5.0 or later) applies to your deployment; the source metadata is inconsistent enough that review is warranted.

Technical summary

The advisory says XFS should not propagate ENODATA disk errors into xattr code because ENODATA has a specific meaning there: the requested attribute was not found (XFS spells this ENOATTR, which it defines as ENODATA). A media error on the underlying disk can also surface as ENODATA, so the lookup path cannot tell a failed block read from a missing attribute. That produces incorrect user-visible errors and, in xfs_attr_leaf_get(), a null-pointer dereference: the caller treats the "not found" result as a completed read whose buffer must be released, but no buffer was ever attached, so xfs_trans_brelse() receives a null pointer. The reported CVSS is 5.5/Medium with local access, low privileges, and high availability impact, consistent with the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
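To make the confusion concrete, here is an added userspace model of the two code shapes involved; it is example code written for this debrief, not the kernel's own source. The names attr_get, attr_hasname, leaf_read, leaf_lookup, brelse and struct buf are stand-ins for the XFS functions and struct xfs_buf, the media_error and has_attr flags are assumptions that let the example drive both outcomes, and the remap of a read-layer ENODATA to EIO is this model's choice, since the page does not state the exact mapping the kernel patch uses. What it shows: with the vulnerable shape, a read that fails with ENODATA comes back as ENOATTR and the caller releases a buffer that was never attached; with the translation in place, the same failure comes back as an I/O error and no null pointer is touched.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* XFS defines "attribute not found" as ENODATA (fs/xfs/xfs_linux.h); mirror that. */
#undef ENOATTR
#define ENOATTR ENODATA

struct buf { const char *attr; };       /* stand-in for struct xfs_buf */

static int null_brelse_calls;           /* how often the model would have oopsed */

/* Stand-in for xfs_trans_brelse(): the kernel dereferences bp, so NULL is a crash. */
static void brelse(struct buf *bp)
{
    if (bp == NULL)
        null_brelse_calls++;
}

/* Stand-in for the leaf block read. A media error is modelled as -ENODATA. */
static int leaf_read(bool media_error, bool has_attr, struct buf **bpp)
{
    static struct buf leaf_with = { "user.demo" };
    static struct buf leaf_without = { NULL };

    if (media_error)
        return -ENODATA;            /* *bpp is left untouched: no buffer attached */
    *bpp = has_attr ? &leaf_with : &leaf_without;
    return 0;
}

/* Stand-in for the leaf lookup: -EEXIST means found, -ENOATTR means absent. */
static int leaf_lookup(const struct buf *bp, const char *name)
{
    if (bp->attr && strcmp(bp->attr, name) == 0)
        return -EEXIST;
    return -ENOATTR;
}

/*
 * Shape of the hasname helper. With translate == false the read error is passed
 * through unchanged (the vulnerable behaviour); with translate == true a
 * disk-layer ENODATA is remapped to EIO before it can be mistaken for ENOATTR.
 * EIO is this example's choice, not necessarily the kernel patch's mapping.
 */
static int attr_hasname(bool translate, bool media_error, bool has_attr,
                        const char *name, struct buf **bpp)
{
    int error = leaf_read(media_error, has_attr, bpp);

    if (error) {
        if (translate && error == -ENODATA)
            error = -EIO;
        return error;
    }
    error = leaf_lookup(*bpp, name);
    if (error != -ENOATTR && error != -EEXIST)
        brelse(*bpp);
    return error;
}

/* Shape of the getter: "not found" releases the buffer it assumes was read. */
int attr_get(bool translate, bool media_error, bool has_attr, const char *name)
{
    struct buf *bp = NULL;
    int error = attr_hasname(translate, media_error, has_attr, name, &bp);

    if (error == -ENOATTR) {
        brelse(bp);                 /* bp is still NULL if ENOATTR came from the read */
        return error;
    }
    if (error != -EEXIST)
        return error;
    /* value copy would happen here */
    brelse(bp);
    return 0;
}

int null_brelse_count(void) { return null_brelse_calls; }
void reset_null_brelse_count(void) { null_brelse_calls = 0; }

int main(void)
{
    int e = attr_get(false, true, true, "user.demo");
    printf("vulnerable, media error: error=%d (ENOATTR=%d), null brelse calls=%d\n",
           e, -ENOATTR, null_brelse_count());
    reset_null_brelse_count();
    e = attr_get(true, true, true, "user.demo");
    printf("fixed, media error: error=%d (EIO=%d), null brelse calls=%d\n",
           e, -EIO, null_brelse_count());
    e = attr_get(true, false, false, "user.demo");
    printf("fixed, attribute absent: error=%d, null brelse calls=%d\n",
           e, null_brelse_count());
    return 0;
}
```

The ENOATTR == ENODATA identity is the whole problem: once the read error reaches the lookup logic it is already ambiguous, which is why the fix has to intercept it at the read boundary rather than in the caller.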

Defensive priority

Medium priority, but validate applicability promptly. The issue is not scored as critical and needs local, low-privileged access, yet a successful trigger is a kernel null-pointer dereference in a filesystem path, which means an oops and loss of availability for the whole host rather than a contained process failure.

Recommended defensive actions

  • Confirm whether the advisory's product mapping applies to your environment, since the supplied source data ties a Linux kernel XFS issue to Siemens SIMATIC CN 4100 < 5.0.
  • If the affected Siemens product matches, apply the vendor remediation listed in the source: update SIMATIC CN 4100 to V5.0 or later.
  • On general Linux hosts, check the running kernel (uname -r) against your distribution's fixed-kernel list for CVE-2025-39835 and apply the kernel update that stops ENODATA disk errors from propagating into XFS xattr handling.
  • Prioritize hosts that mount XFS (findmnt -t xfs) and sit on storage prone to media errors, because the issue surfaces there both as incorrect error reporting and as availability impact.
  • Use maintenance windows and standard validation to confirm the fix before broad rollout.
  • Monitor kernel logs for XFS metadata I/O errors, unexpected xattr errors, or oops traces in XFS code on systems still running the affected code path.
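The first, fourth and last bullets amount to a per-host check: is XFS mounted, and has the kernel already logged the failure pattern? The following added script (written for this debrief, not taken from the advisory or from any CISA or Siemens tool) does that over /proc/mounts-style and dmesg-style input. The sample mounts and log lines are constructed for the example, and the grep patterns for the XFS metadata I/O error message and the oops trace are assumptions about the kernel's log format, so tune them against a real dmesg before relying on the verdict.

```shell
#!/bin/sh
# Added triage helper for this debrief; not from the advisory, CISA or Siemens.
# Exit codes from xfs_triage: 0 = review now, 1 = XFS mounted but nothing logged, 2 = no XFS.

# Print mount points of XFS filesystems from /proc/mounts-format text on stdin.
xfs_mounts() {
    awk '$3 == "xfs" { print $2 }'
}

# Print kernel-log lines that match the failure pattern: an XFS metadata read error
# (error 61 is ENODATA on Linux) or a NULL-pointer oops whose trace runs through the
# xattr leaf path. The patterns are assumptions about the kernel's message formats.
xfs_log_signals() {
    grep -E 'XFS \([^)]+\): metadata I/O error|BUG: kernel NULL pointer dereference|xfs_attr_leaf_get\+|xfs_trans_brelse\+'
}

# $1 = mounts file, $2 = kernel log file.
xfs_triage() {
    if ! xfs_mounts < "$1" | grep -q .; then
        return 2
    fi
    if ! xfs_log_signals < "$2" | grep -q .; then
        return 1
    fi
    return 0
}

# Constructed sample input (not captured from a real system).
SAMPLE_MOUNTS=$(mktemp)
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data xfs rw,relatime,attr2,inode64 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
EOF
cat > "$SAMPLE_LOG" <<'EOF'
[ 1201.552] XFS (sdb1): metadata I/O error in "xfs_da_read_buf+0x9c/0x120" at daddr 0x1a3f0 len 8 error 61
[ 1201.553] BUG: kernel NULL pointer dereference, address: 0000000000000068
[ 1201.560]  xfs_trans_brelse+0x1d/0xa0 [xfs]
[ 1201.561]  xfs_attr_leaf_get+0x74/0xb0 [xfs]
[ 1201.562]  xfs_attr_get_ilocked+0x5e/0x80 [xfs]
EOF

verdict=0
xfs_triage "$SAMPLE_MOUNTS" "$SAMPLE_LOG" || verdict=$?
case $verdict in
    0) echo "review now: XFS at $(xfs_mounts < "$SAMPLE_MOUNTS" | tr '\n' ' ')and the log shows:"
       xfs_log_signals < "$SAMPLE_LOG" ;;
    1) echo "XFS mounted, no matching log lines yet" ;;
    2) echo "no XFS mounts, out of scope for the kernel path" ;;
esac
rm -f "$SAMPLE_MOUNTS" "$SAMPLE_LOG"
```

On a live host, point xfs_triage at /proc/mounts and a file holding the output of dmesg; a verdict of 0 is a host to patch and examine first, a verdict of 1 still needs the kernel check from the bullets above, because the absence of log lines only means the path has not been hit yet.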

Evidence notes

The source corpus states that an ENODATA returned by a disk read can be misinterpreted by the XFS xattr code as ENOATTR ("attribute not found"), and that xfs_attr_leaf_get() can dereference a null pointer when xfs_trans_brelse() is given a buffer pointer that was never set. The advisory was published on 2026-05-12 and modified on 2026-05-14. The same source item also contains a product mapping to Siemens SIMATIC CN 4100 < 5.0, but that mapping is low-confidence relative to the Linux kernel-specific vulnerability text.

Official resources

Public debrief based only on the supplied CISA CSAF source item and referenced official advisory links. The source metadata contains a low-confidence product mapping that should be validated before applying remediation to a Siemens-specific