PatchSiren cyber security CVE debrief
CVE-2025-38100 Siemens CVE debrief
CVE-2025-38100 is a Linux kernel flaw described in Siemens/CISA advisory ICSA-25-162-05. A TIF_IO_BITMAP state inconsistency can lead to a NULL pointer dereference in tss_update_io_bitmap(), creating an availability impact that is rated medium severity in the supplied record. The advisory ties exposure to affected SIMATIC S7-1500 CPU family products and states that no fix was available in the supplied material.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Siemens SIMATIC S7-1500 operators, OT/ICS administrators, and anyone responsible for systems that expose the affected GNU/Linux subsystem or local shell access. It is most relevant where local users, maintenance workflows, or embedded Linux components can reach the kernel paths described in the advisory.
Technical summary
The supplied description says io_bitmap_exit() can call task_update_io_bitmap() in a way that reaches tss_update_io_bitmap() on the current task even when the current task has TIF_IO_BITMAP set but no bitmap installed. That inconsistent state can crash the kernel with a NULL pointer dereference. The described remediation is to avoid updating I/O bitmap state for a non-current task during failed-fork cleanup, clear TIF_IO_BITMAP in copy_thread(), and warn if tss_update_io_bitmap() is called with inconsistent state. The published CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
Medium. The record indicates a local, availability-only issue with no confidentiality or integrity impact, but in OT environments even a local kernel crash can be operationally significant. Prioritize exposure review and access restriction while awaiting vendor guidance or a fix.
Recommended defensive actions
- Identify whether any affected SIMATIC S7-1500 CPU family product listed in the advisory is in use.
- Review whether the GNU/Linux subsystem or interactive shell access is exposed to more users than necessary.
- Restrict shell and local administrative access to trusted personnel only, as recommended in the advisory.
- Limit execution to trusted software sources and maintenance workflows.
- Monitor affected systems for unexpected kernel crashes, watchdog resets, or instability consistent with a denial-of-service condition.
- Track Siemens/CISA advisory updates for a vendor fix or additional mitigation guidance.
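For the monitoring action above, this added example (not code from the advisory, Siemens, or the kernel project) scans kernel log text for NULL pointer dereference oopses whose RIP or call trace includes the functions named in the technical summary. The log sample is constructed, and the parsing assumes the standard Linux oops line layout (`symbol+0xoff/0xlen`, `---[ end trace`).

```python
import re

# Function names come from the vulnerability description on this page.
WATCHED = {"tss_update_io_bitmap", "task_update_io_bitmap", "io_bitmap_exit"}
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
# "symbol+0xoff/0xlen", as printed on RIP and call-trace lines.
SYMBOL = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TIMESTAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")

# Constructed sample log (assumption: not taken from the advisory or a device).
SAMPLE_LOG = """\
[ 1042.118734] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 1042.118801] Oops: 0000 [#1] SMP
[ 1042.118845] RIP: 0010:tss_update_io_bitmap+0x3c/0x110
[ 1042.118901] Call Trace:
[ 1042.118923]  task_update_io_bitmap+0x5e/0x80
[ 1042.118950]  io_bitmap_exit+0x41/0x70
[ 1042.118999] ---[ end trace 0000000000000000 ]---
[ 2200.500001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 2200.500040] RIP: 0010:other_driver_fn+0x12/0x40
[ 2200.500099]  other_caller+0x20/0x90
[ 2200.500120] ---[ end trace 0000000000000000 ]---
"""

def find_io_bitmap_oopses(log_text):
    """Return NULL-deref oops events whose RIP or call trace hits WATCHED."""
    events, current = [], None
    for line in log_text.splitlines():
        if OOPS_START.search(line):
            ts = TIMESTAMP.match(line)
            current = {"time": ts.group(1) if ts else None, "rip": None, "symbols": []}
            events.append(current)
        elif current is not None:
            if OOPS_END.search(line):
                current = None  # later lines belong to no oops
                continue
            symbols = SYMBOL.findall(line)
            if "RIP:" in line and symbols and current["rip"] is None:
                current["rip"] = symbols[0]
            current["symbols"] += symbols
    return [dict(ev, matched=[s for s in ev["symbols"] if s in WATCHED])
            for ev in events if WATCHED.intersection(ev["symbols"])]

if __name__ == "__main__":
    for hit in find_io_bitmap_oopses(SAMPLE_LOG):
        print(f"t={hit['time']} rip={hit['rip']} matched={hit['matched']}")
```

A match is a triage signal for this CVE's crash signature, not proof of it; unrelated NULL dereferences, such as the second event in the sample, are ignored.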
Evidence notes
The supplied source item is CISA CSAF advisory ICSA-25-162-05, published 2025-06-10 and most recently updated/republished 2026-05-14. The advisory names five affected Siemens SIMATIC S7-1500 CPU family products and states that no fix is currently available in the provided remediations. The vulnerability description explicitly attributes the issue to TIF_IO_BITMAP inconsistency causing a NULL pointer dereference in tss_update_io_bitmap(), and the supplied CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Official resources
- CVE-2025-38100 CVE record (CVE.org)
- CVE-2025-38100 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA CSAF advisory ICSA-25-162-05 was published on 2025-06-10 and was last updated/republished on 2026-05-14. The supplied record does not mark this CVE as KEV, and the advisory states that no fix is currently available for the affected SIM