PatchSiren cyber security CVE debrief
CVE-2025-39843 Cert Portal CVE debrief
CVE-2025-39843 describes a Linux kernel locking flaw that can trigger spinlock recursion and a deadlock/OOPS during timer and slab allocation activity. In the supplied Siemens/CISA advisory, the issue is tied to Siemens SIMATIC CN 4100 versions earlier than 5.0 and is rated HIGH. The defensive takeaway is straightforward: affected deployments should be identified and updated to the vendor-fixed release.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100, versions earlier than 5.0 (vers:intdot/<5.0)
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Siemens SIMATIC CN 4100 owners and operators running versions before 5.0, plus OT/ICS teams responsible for Linux-based embedded systems that rely on the affected kernel code paths.
Technical summary
According to the advisory text, set_track_prepare() can be reached from hrtimer_start_range_ns() while the per-CPU hrtimer base lock is held. When CONFIG_DEBUG_OBJECTS_TIMERS is enabled, the allocation inside set_track_prepare() may implicitly wake kswapd, which re-enters the same lock path and recurses on a lock the CPU already holds. The fix removes that implicit wakeup by passing allocation flags without __GFP_KSWAPD_RECLAIM in debug_objects_fill_pool(), and masks out __GFP_DIRECT_RECLAIM in ___slab_alloc() because preemption is disabled at that point. The advisory includes an example crash trace showing the spinlock recursion.
Defensive priority
High for any affected Siemens SIMATIC CN 4100 deployment; prioritize patching because the issue can produce lock recursion, deadlock, and system instability even though the attack vector is local.
Recommended defensive actions
- Update Siemens SIMATIC CN 4100 to V5.0 or later, per the vendor remediation.
- Inventory all deployed Siemens SIMATIC CN 4100 systems and confirm whether they are in the affected version range.
- Treat systems that cannot be immediately updated as higher risk and increase monitoring for crashes, lockups, or unexpected reboots.
- Use the official Siemens and CISA advisory pages to verify product-specific guidance before maintenance windows.
- Apply standard ICS defense-in-depth and access-control practices while patching is scheduled.
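The inventory check and the crash monitoring from the two action items above, as an added example that is not part of the advisory or any Siemens tooling. The CSV inventory, the hostnames and the dmesg lines are constructed for the example; the version comparison follows the intdot semantics of the advisory's range (< 5.0), and the log patterns are the upstream kernel's spinlock-debug and watchdog message formats, which is an assumption about what the affected device's kernel would emit.

```python
import csv
import io
import re

# Lower bound of the fixed release per the advisory: V5.0 or later is not affected.
FIXED_VERSION = (5, 0)

# Constructed sample inventory (hypothetical hostnames); a real one would come from an asset DB.
INVENTORY_CSV = """hostname,product,version
cn4100-line1,SIMATIC CN 4100,V4.3
cn4100-line2,SIMATIC CN 4100,V5.0
cn4100-lab,SIMATIC CN 4100,V4.10.1
plc-cell3,SIMATIC S7-1500,V2.9
cn4100-spare,SIMATIC CN 4100,unknown
"""

# Constructed sample kernel log; message bodies follow the upstream kernel's formats.
SAMPLE_DMESG = [
    "[  123.456789] BUG: spinlock recursion on CPU#1, kworker/1:2/345",
    "[  200.000001] usb 1-1: new high-speed USB device number 2 using xhci_hcd",
    "[  300.000002] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]",
    "[  300.500000] eth0: link up, 1000Mbps full duplex",
]

# Signatures that match the failure mode described in the advisory (lock recursion, lockups).
LOCKUP_PATTERNS = [
    re.compile(r"BUG: spinlock recursion on CPU#\d+"),
    re.compile(r"BUG: soft lockup - CPU#\d+ stuck for \d+s!"),
    re.compile(r"Watchdog detected hard LOCKUP on cpu \d+"),
]


def parse_intdot(version):
    """Parse a dotted-integer version such as 'V4.3' or '4.10.1' into a tuple of ints.

    Returns None when the string is not a plain dotted-integer version, so callers
    can report the host as 'unknown' instead of silently treating it as fixed.
    """
    s = version.strip()
    if s[:1] in ("V", "v"):
        s = s[1:]
    if not re.fullmatch(r"\d+(\.\d+)*", s):
        return None
    return tuple(int(part) for part in s.split("."))


def is_affected(version):
    """True if version < 5.0 under intdot comparison, False if fixed, None if unparseable."""
    parsed = parse_intdot(version)
    if parsed is None:
        return None
    # Pad short versions so 'V5' compares as 5.0 rather than sorting below it.
    padded = parsed + (0,) * max(0, len(FIXED_VERSION) - len(parsed))
    return padded < FIXED_VERSION


def triage_inventory(csv_text, product="SIMATIC CN 4100"):
    """Return (affected_hosts, unknown_version_hosts) for the given product."""
    affected, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"] != product:
            continue
        verdict = is_affected(row["version"])
        if verdict is None:
            unknown.append(row["hostname"])
        elif verdict:
            affected.append(row["hostname"])
    return affected, unknown


def find_lockup_signatures(lines):
    """Return (line_index, matched_text) for every log line carrying a lockup signature."""
    hits = []
    for idx, line in enumerate(lines):
        for pattern in LOCKUP_PATTERNS:
            match = pattern.search(line)
            if match:
                hits.append((idx, match.group(0)))
                break
    return hits


if __name__ == "__main__":
    affected, unknown = triage_inventory(INVENTORY_CSV)
    print("affected:", affected)
    print("version unknown:", unknown)
    for idx, text in find_lockup_signatures(SAMPLE_DMESG):
        print(f"lockup signature at log line {idx}: {text}")
```

Hosts whose version field does not parse are listed separately rather than assumed fixed, since an inventory gap is exactly where an unpatched unit hides; the log scan is meant to run over the device's exported kernel log for the higher-monitoring period the action items describe.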
Evidence notes
The supplied source advisory (ICSA-26-134-10 / SSA-032379) states the issue affects Siemens SIMATIC CN 4100 versions before 5.0 and recommends updating to V5.0 or later. It assigns CVSS 3.1 7.0 HIGH (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). The source timeline shows publication on 2026-05-12 and a CISA republication on 2026-05-14. The enrichment data provided does not mark this CVE as KEV.
Official resources
- CVE-2025-39843 CVE record (CVE.org)
- CVE-2025-39843 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory was published on 2026-05-12 and republished by CISA on 2026-05-14. The supplied source ties the issue to Siemens ProductCERT advisory SSA-032379 / CISA advisory ICSA-26-134-10.