PatchSiren cyber security CVE debrief
CVE-2025-39845 Cert Portal CVE debrief
CVE-2025-39845 is a Linux kernel x86/mm/64 page-table synchronization flaw that can trigger boot-time page faults or vmemmap crashes on systems using 4-level paging and persistent memory. In the supplied advisory corpus, CISA republishes Siemens ProductCERT advisory SSA-032379 and maps the issue to Siemens SIMATIC CN 4100 versions earlier than 5.0, with a published CVSS score of 5.5/Medium. The issue is primarily an availability risk and is described with local-access prerequisites in the published vector.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
OT operators and maintainers running Siemens SIMATIC CN 4100 systems, Linux kernel/embedded platform teams, and anyone operating 4-level paging systems that use persistent memory, DAX, or memremap_pages()-dependent boot paths.
Technical summary
The fix defines ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() so page tables are properly synchronized when calling p*d_populate_kernel(). In 5-level paging, synchronization occurs through pgd_populate_kernel(); in 4-level paging, pgd_populate() is a no-op, so synchronization must happen at the P4D level via p4d_populate_kernel(). The missing synchronization caused intermittent page faults during __init_single_page() and a crash in vmemmap_set_pmd() when vmemmap was accessed before sync_global_pgds() completed.
Defensive priority
Medium, with higher operational priority for production OT environments where boot failure or kernel crash would cause service interruption.
Recommended defensive actions
- Update to Siemens V5.0 or later as listed in the vendor remediation.
- Confirm whether any deployed SIMATIC CN 4100 systems are running versions earlier than 5.0 and are in scope of SSA-032379 / ICSA-26-134-10.
- Plan the update in a maintenance window and validate system boot and persistent-memory workflows after reboot.
- If you maintain a custom or backported kernel, verify that the page-table synchronization fix is present in the build.
- Monitor affected hosts for boot-time page faults, vmemmap crashes, or other availability symptoms until remediation is complete.
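For the monitoring step, one way to triage saved kernel logs is to flag page-fault oopses whose RIP or call trace lands in the two functions named in the technical summary. This is an added example, not code from the advisory or the kernel project; it assumes the standard x86 oops line format, and the sample log (addresses, offsets, timestamps, `example_driver_ioctl`) is constructed.

```python
import re

# Functions the advisory text names as the fault and crash sites.
SYMBOLS = ("__init_single_page", "vmemmap_set_pmd")
FAULT_RE = re.compile(r"BUG: unable to handle page fault for address: (\S+)")
FRAME_RE = re.compile(r"\b(%s)\+0x[0-9a-f]+/0x[0-9a-f]+" % "|".join(SYMBOLS))
TS_RE = re.compile(r"^\[\s*(\d+\.\d+)\]")

# Constructed sample (not from an affected host): two matching oopses and
# one unrelated page fault in a hypothetical driver that must be ignored.
SAMPLE_LOG = """\
[    1.204113] BUG: unable to handle page fault for address: ffffe70000000034
[    1.204131] RIP: 0010:__init_single_page+0x9/0x6d
[    1.204160] ---[ end trace 0000000000000000 ]---
[    3.880412] BUG: unable to handle page fault for address: ffffeb3ff1200000
[    3.880431] RIP: 0010:vmemmap_set_pmd+0xff/0x230
[    3.880470] ---[ end trace 0000000000000000 ]---
[   95.553210] BUG: unable to handle page fault for address: 00007f10deadb000
[   95.553220] RIP: 0010:example_driver_ioctl+0x44/0x90
[   95.553230] ---[ end trace 0000000000000000 ]---
""".splitlines()

def find_candidates(lines, window=40):
    """Return one record per page-fault oops whose RIP or call trace
    (up to `window` lines after the header) hits a symbol in SYMBOLS."""
    hits = []
    for i, line in enumerate(lines):
        fault = FAULT_RE.search(line)
        if not fault:
            continue
        symbols = []
        for follow in lines[i + 1 : i + 1 + window]:
            # Stop at the end of this oops or the start of the next one.
            if "---[ end trace" in follow or FAULT_RE.search(follow):
                break
            for name in FRAME_RE.findall(follow):
                if name not in symbols:
                    symbols.append(name)
        if symbols:
            ts = TS_RE.match(line)
            hits.append({"time": float(ts.group(1)) if ts else None,
                         "address": fault.group(1), "symbols": symbols})
    return hits

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage, not proof of this CVE: compare the timestamp against boot and confirm the host uses 4-level paging with persistent memory before attributing the crash to it.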
Evidence notes
Timing and advisory context come from the supplied CISA CSAF source item: published 2026-05-12 and republished 2026-05-14 from Siemens ProductCERT advisory SSA-032379. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5/Medium), indicating an availability-only impact with local prerequisites. The source text describes intermittent boot failures on 4-level paging systems with large persistent memory and a crash in vmemmap_set_pmd(); the product mapping to Siemens SIMATIC CN 4100 <5.0 is present in the advisory metadata but marked low confidence / needs review. No KEV entry or ransomware campaign use is supplied in the corpus.
Official resources
- CVE-2025-39845 CVE record (CVE.org)
- CVE-2025-39845 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA ICS Advisory ICSA-26-134-10 on 2026-05-12 and republished on 2026-05-14 from Siemens ProductCERT advisory SSA-032379. No KEV listing is supplied in the provided enrichment.