PatchSiren cyber security CVE debrief
CVE-2025-39864 Cert Portal CVE debrief
CVE-2025-39864 is described in the source advisory as a Linux kernel cfg80211 use-after-free in cmp_bss()/cfg80211_update_known_bss(). The issue is tied to beacon-frame element lifetime handling after a prior bss_free() quirk, and the listed fix is to avoid freeing shared elements referenced by hidden_beacon_bss. The source metadata maps the advisory to Siemens SIMATIC CN 4100 versions before 5.0, but the description text is kernel-specific, so product applicability should be validated carefully before assuming exposure.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Asset owners and operators who rely on the Siemens SIMATIC CN 4100 advisory scope, plus teams responsible for Linux-kernel-based embedded systems that use cfg80211. Because the source metadata and vulnerability description do not fully align, inventory validation is important before prioritizing remediation.
Technical summary
The advisory text says a use-after-free exists in the Linux kernel wifi cfg80211 path. After commit 776b3580178f introduced hidden-SSID tracking behavior, cfg80211_update_known_bss() could free the last beacon frame elements even when those elements were still shared through the hidden_beacon_bss pointer. That creates a memory-safety condition in cmp_bss()-related processing. The source bundle gives the issue a CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), and the remediation listed in the advisory is to update to V5.0 or later.
Defensive priority
High priority for any confirmed affected deployment. The CVSS score is 7.8 and the issue is a memory-safety flaw, but the advisory’s product mapping should be verified first because the title/product metadata and the Linux-kernel description are inconsistent.
Recommended defensive actions
- Update to V5.0 or later, per the advisory remediation.
- Validate whether your environment matches the advisory’s Siemens SIMATIC CN 4100 scope before scheduling change windows.
- Confirm whether any embedded Linux systems in your fleet use the affected cfg80211/kernel code path.
- Track CISA and Siemens advisory updates for clarification of product applicability.
- Prioritize remediation on exposed or operationally critical assets once affected systems are confirmed.
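One way to run the cfg80211 check from the list above on a single Linux host, as an added example that is not part of the advisory or any Siemens tooling. It only reports whether cfg80211 is present and which interfaces are registered with it; it does not decide whether the kernel contains the fix. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether cfg80211 is present on a Linux host.
# The optional ROOT argument (assumption of this example) points the checks
# at a collected copy of /proc and /sys instead of the live system.

# Prints "module", "builtin" or "absent".
cfg80211_state() {
    root="${1:-}"
    # Loadable modules that are currently loaded are listed in /proc/modules.
    if [ -r "$root/proc/modules" ] &&
       grep -q '^cfg80211 ' "$root/proc/modules"; then
        echo module
    # Built-in code that has module parameters still gets a /sys/module entry.
    elif [ -d "$root/sys/module/cfg80211" ]; then
        echo builtin
    else
        echo absent
    fi
}

# Prints one name per line for every network device registered with
# cfg80211; such devices carry a phy80211 link in sysfs.
cfg80211_ifaces() {
    root="${1:-}"
    for dev in "$root"/sys/class/net/*; do
        if [ -e "$dev/phy80211" ] || [ -L "$dev/phy80211" ]; then
            basename "$dev"
        fi
    done
    return 0
}

# Prints a one-line summary suitable for inventory collection.
cfg80211_report() {
    root="${1:-}"
    state=$(cfg80211_state "$root")
    ifaces=$(cfg80211_ifaces "$root" | tr '\n' ' ')
    echo "cfg80211=$state ifaces=${ifaces% }"
}
```

Source the file and call `cfg80211_report` with no argument on the device itself. A result of `cfg80211=absent` means the vulnerable code path is not present in the running kernel; any other result still needs the vendor's version information to decide exposure.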
Evidence notes
CISA’s CSAF source shows initial publication on 2026-05-12 and republication on 2026-05-14 from Siemens ProductCERT advisory SSA-032379. The source description states: ‘wifi: cfg80211: fix use-after-free in cmp_bss()’ and explains that freeing last beacon frame elements must be skipped when shared via hidden_beacon_bss. The advisory metadata also lists the remediation ‘Update to V5.0 or later version.’ The source bundle’s title/product metadata references Siemens SIMATIC CN 4100 vers:intdot/<5.0, but the vulnerability description is Linux-kernel-specific; this mismatch is noted as a review concern.
Official resources
- CVE-2025-39864 CVE record (CVE.org)
- CVE-2025-39864 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published ICSA-26-134-10 on 2026-05-12 and republished it on 2026-05-14 from Siemens ProductCERT SSA-032379. The source bundle should be treated as authoritative for the dates and remediation, but the product metadata and Linux-kernel-