PatchSiren cyber security CVE debrief
CVE-2025-39842 Cert Portal CVE debrief
CVE-2025-39842 is a Linux kernel ocfs2 issue that can lead to a null-pointer dereference during volume dismount after journal shutdown has already occurred. The advisory states that osb->journal should be NULL at that point, and that adding checks before releasing the journal inode prevents the failure path. The stated impact is availability-only and the CVSS vector indicates local access with low privileges.
- Vendor
- Cert Portal
- Product
- Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Linux kernel maintainers, downstream distribution teams, and operators who rely on ocfs2 or clustered storage paths should review this issue. Any environment that can reach the affected dismount and inode eviction path should prioritize the fix, especially where kernel crashes or service interruption would affect production workloads.
Technical summary
The supplied advisory describes a bad state transition in ocfs2 teardown: ocfs2_journal_shutdown() is executed before ocfs2_delete_osb(), so osb->journal is expected to be NULL. Without a null check, the dismount path can continue into jbd2_journal_release_jbd_inode() through inode eviction and clear-inode handling, producing a null-pointer dereference. The source CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which aligns with a local, low-privilege availability impact.
Defensive priority
Medium. The issue is a kernel-level crash condition with high availability impact, but the supplied CVSS score is 5.5 and the vector indicates local, low-privilege access. Patch and validate affected systems on a normal kernel maintenance cycle, or sooner if ocfs2 is in use on critical hosts.
Recommended defensive actions
- Update to V5.0 or later version as stated in the supplied remediation.
- Review whether ocfs2 is enabled or used on production systems before scheduling maintenance.
- Apply the vendor-provided fix and verify kernel package provenance across all affected hosts.
- Test dismount and shutdown workflows after patching to confirm the null-check path behaves as expected.
- If immediate patching is not possible, reduce exposure by limiting local administrative access on systems that use the affected filesystem path.
Evidence notes
The description in the source advisory explicitly states that ocfs2_journal_shutdown() runs before ocfs2_delete_osb(), that osb->journal must therefore be NULL, and that adding osb->journal checks prevents the null-pointer dereference. The source metadata lists a CVSS 3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, supporting a local availability-impacting issue. The source item also records publication on 2026-05-12 and modification on 2026-05-14. Note: the vendor/product metadata in the supplied item references Siemens SIMATIC CN 4100, but the vulnerability text itself is about the Linux kernel ocfs2 code path; that metadata should be treated as needing review.
Official resources
-
CVE-2025-39842 CVE record
CVE.org
-
CVE-2025-39842 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published 2026-05-12 and modified 2026-05-14 per the supplied source timeline. The CISA republication history in the source item shows an initial publication and a later republication of Siemens ProductCERT advisory SSA-032379.