PatchSiren cyber security CVE debrief
CVE-2025-39857 Cert Portal CVE debrief
CVE-2025-39857 is a Linux kernel NULL pointer dereference in the SMC/RDMA path, documented by CISA and Siemens ProductCERT. The advisory says the issue can be triggered when a software RoCE device is used and the kernel reaches smc_ib_is_sg_need_sync() with ibdev->dma_device set to null, which can crash the system; Siemens recommends updating SIMATIC CN 4100 to V5.0 or later.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Operators and maintainers of Siemens SIMATIC CN 4100 systems running versions before V5.0, especially where Linux SMC/RDMA and software RoCE are in use. Security teams responsible for industrial Linux hosts should also treat this as a high-priority stability and hardening fix.
Technical summary
The advisory describes a NULL pointer dereference in smc_ib_is_sg_need_sync() inside the Linux kernel SMC stack. The failure appears in the smc_listen_work path during buffer/device setup, and the supplied notes state that when a software RoCE device is used, ibdev->dma_device can be null. The fix adds null-pointer detection before the code uses that field.
Defensive priority
High. The advisory assigns CVSS 7.0 (HIGH) and the failure is in kernel code on an industrial product path. Even if the most visible symptom is a crash/oops, kernel faults in operational systems can create meaningful availability risk.
Recommended defensive actions
- Apply Siemens guidance: update SIMATIC CN 4100 to V5.0 or later.
- Review whether software RoCE is enabled or otherwise reachable on affected systems.
- Prioritize patching or maintenance windows for affected industrial Linux deployments before broadening exposure.
- Monitor affected hosts for kernel oopses or repeated workqueue crashes involving smc_listen_work or smc_ib_is_sg_need_sync().
- Verify vendor advisory applicability against the exact deployed product and version, since the supplied source marks the product mapping as low confidence and needs review.
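One way to implement the monitoring action above, as an added example that is not part of the advisory or any Siemens tooling: a Python scan that groups kernel log lines into NULL-dereference reports and keeps only those naming smc_ib_is_sg_need_sync or smc_listen_work. The log lines, offsets, and the example_wq, example_probe and example_drv names are constructed sample data.

```python
import re

# Symbols the page ties to this fault; a report must name one to be kept.
SYMBOLS = ("smc_ib_is_sg_need_sync", "smc_listen_work")
START = re.compile(r"BUG: kernel NULL pointer dereference")
END = re.compile(r"---\[ end trace")
STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")
RIP = re.compile(r"RIP: \w+:(\w+)\+0x")


def find_smc_oopses(lines):
    """Group kernel log lines into NULL-deref reports; keep those naming SYMBOLS."""
    hits, cur = [], None

    def flush():
        if cur and cur["symbols"]:
            hits.append(cur)

    for line in lines:
        if START.search(line):
            flush()  # previous report was truncated (no end-trace marker)
            m = STAMP.match(line)
            cur = {"time": float(m.group(1)) if m else None, "rip": None, "symbols": set()}
        if cur is None:
            continue  # ordinary log line outside any fault report
        m = RIP.search(line)
        if m and cur["rip"] is None:
            cur["rip"] = m.group(1)  # function the CPU was executing at the fault
        cur["symbols"].update(s for s in SYMBOLS if re.search(rf"\b{s}\b", line))
        if END.search(line):
            flush()
            cur = None
    flush()  # log ended in the middle of a report
    return hits


# Constructed sample in dmesg layout: one matching report, one unrelated report.
SAMPLE = """\
[ 1024.118034] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1024.118071] Workqueue: example_wq smc_listen_work [smc]
[ 1024.118102] RIP: 0010:smc_ib_is_sg_need_sync+0x9e/0xd0 [smc]
[ 1024.118163]  smc_listen_work+0x30f/0x580 [smc]
[ 1024.118171]  process_one_work+0x18c/0x340
[ 1024.118190] ---[ end trace 0000000000000000 ]---
[ 2048.500001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 2048.500020] RIP: 0010:example_probe+0x12/0x40 [example_drv]
[ 2048.500044] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    print(find_smc_oopses(SAMPLE))
```

Feed it the lines of saved `dmesg` output from an affected host; a hit whose `rip` is smc_ib_is_sg_need_sync matches the fault the advisory describes, and repeated hits on one host are the workqueue crashes to escalate.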
Evidence notes
Source material is limited to the supplied CISA CSAF advisory and its linked Siemens ProductCERT references. The supplied timeline shows initial publication on 2026-05-12 and a CISA republication on 2026-05-14; these dates are used only as advisory timing, not as vulnerability creation dates. The advisory text explicitly states that software RoCE can leave ibdev->dma_device null and that null detection was added to prevent the fault. Vendor/product metadata in the supplied source is marked low confidence and needs review, so applicability should be validated against the exact environment.
Official resources
- CVE-2025-39857 CVE record (CVE.org)
- CVE-2025-39857 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the CSAF advisory on 2026-05-12 and republished it on 2026-05-14, referencing Siemens ProductCERT SSA-032379 / ICSA-26-134-10.