PatchSiren cyber security CVE debrief

CVE-2025-39848 Cert Portal CVE debrief

CVE-2025-39848 is a medium-severity denial-of-service issue tied to Linux kernel AX.25 packet handling. According to the advisory text, ax25_kiss_rcv() can queue or mangle a shared skb without unsharing it first, which can leave skb->dev NULL and trigger a crash in __netif_receive_skb_core(). The source advisory maps the issue to Siemens SIMATIC CN 4100 versions earlier than V5.0 and recommends updating to V5.0 or later.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Operators and maintainers responsible for Siemens SIMATIC CN 4100 systems on versions earlier than V5.0, especially environments that rely on the affected Linux kernel networking path. Security teams should also note the local-access, availability-focused risk profile from the CVSS vector.

Technical summary

The advisory describes a bug in ax25_kiss_rcv() where input skbs may be modified while still shared. That unsafe handling can corrupt packet state; after the netns packet-chain change referenced in the advisory, skb->dev may become NULL and the kernel can crash in __netif_receive_skb_core(). The published CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local, low-privilege denial-of-service condition with no stated confidentiality or integrity impact.
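Why modifying a buffer that another holder still references corrupts that holder's view, and why unsharing first prevents it, modelled in userspace C. This is an added example, not kernel code and not from the advisory: struct skb, model_share_check(), rcv_strip_header() and the payload bytes are constructed stand-ins for struct sk_buff and the kernel's unshare-before-modify pattern.

```c
/* Userspace model of the shared-buffer hazard behind CVE-2025-39848. Added
 * example, not kernel code: struct skb and model_share_check() are constructed
 * stand-ins for struct sk_buff and the unshare-before-modify pattern. */
#include <stdlib.h>
#include <string.h>
struct skb {
    int users;            /* reference count; >1 means the buffer is shared */
    const char *dev;      /* stand-in for skb->dev */
    unsigned char data[8];
};
static struct skb *skb_alloc(const char *dev) {
    struct skb *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->users = 1; s->dev = dev;
    for (int i = 0; i < 8; i++) s->data[i] = (unsigned char)(i + 1); /* constructed payload */
    return s;
}
static struct skb *skb_get(struct skb *s) { s->users++; return s; }
static void skb_put_ref(struct skb *s) { if (--s->users == 0) free(s); }

/* If shared, return a private copy and drop our reference on the shared
 * buffer; a sole owner gets the same buffer back. */
static struct skb *model_share_check(struct skb *s) {
    if (s->users <= 1) return s;
    struct skb *copy = malloc(sizeof *copy);
    if (!copy) { skb_put_ref(s); return NULL; }
    memcpy(copy, s, sizeof *copy);
    copy->users = 1;
    skb_put_ref(s);
    return copy;
}

/* Receive step that strips a one-byte framing header in place (modelled). */
static struct skb *rcv_strip_header(struct skb *s, int unshare_first) {
    if (unshare_first && !(s = model_share_check(s))) return NULL;
    memmove(s->data, s->data + 1, sizeof s->data - 1);
    s->data[sizeof s->data - 1] = 0;
    return s;
}

/* 1 if a second holder's view of the buffer survived the receive step, else 0. */
static int other_holder_intact(int unshare_first) {
    struct skb *orig = skb_alloc("ax0");
    if (!orig) return 0;
    struct skb *tap = skb_get(orig);      /* e.g. a packet tap also holds the skb */
    struct skb *mine = rcv_strip_header(orig, unshare_first);
    int intact = tap->data[0] == 1 && tap->data[7] == 8;
    skb_put_ref(mine);
    skb_put_ref(tap);
    return intact;
}
```

Without the unshare step the in-place edit is visible to the second holder; with it, the receive path works on its own private copy.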

Defensive priority

Medium. Prioritize remediation if you run the affected Siemens product branch or any deployment that depends on the vulnerable AX.25 kernel path; otherwise track it as a localized availability risk.

Recommended defensive actions

  • Update Siemens SIMATIC CN 4100 to V5.0 or later as specified in the advisory.
  • Inventory where the affected product or kernel branch is deployed before scheduling maintenance.
  • Treat the issue as a local denial-of-service risk and review local-privilege exposure on affected systems.
  • If AX.25 is not required in your environment, disable or avoid exposing that path where operationally feasible.
  • Monitor affected systems for kernel crashes or unexpected service interruptions until remediation is complete.

Evidence notes

The source corpus includes the Linux-kernel vulnerability description, the CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, the CISA CSAF advisory metadata, and Siemens remediation guidance to update to V5.0 or later. The advisory metadata maps the issue to Siemens SIMATIC CN 4100 vers:intdot/<5.0, but the vulnerability text itself describes an AX.25 Linux kernel bug; that product-scoping linkage should be treated as advisory-scoped context from the supplied source, not independently verified here. Published date context is 2026-05-12 with a source republication/revision on 2026-05-14.

Official resources

Source timing indicates initial publication on 2026-05-12 and a CISA republication/revision on 2026-05-14. The supplied advisory metadata is low-confidence for product mapping and should be read alongside the Linux-kernel vulnerability text.