PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-38312 Siemens CVE debrief

CVE-2025-38312 is a denial-of-service issue tied to a Linux kernel framebuffer conversion path referenced in Siemens’s SIMATIC S7-1500 advisory. The problem can lead to a kernel oops if an internal refresh value overflows to zero and is then used as a divider. Siemens’s advisory lists affected SIMATIC S7-1500 CPU family products, states that no fix was available at the time of publication, and recommends access-reduction and trusted-source controls.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

OT/ICS operators using the affected Siemens SIMATIC S7-1500 or SIPLUS S7-1500 CPU models, especially environments that expose the additional GNU/Linux subsystem or allow interactive/local access to it. Security and operations teams responsible for industrial controllers should review compensating controls because the issue is availability-impacting and may result in a device crash.

Technical summary

The advisory text describes a Linux kernel fbdev/core fbcvt flaw in fb_cvt_hperiod(): if mode->refresh reaches 0x80000000 in fb_find_mode_cvt(), multiplying by 2 overflows cvt.f_refresh to 0, and that zero value is then used as a divisor, causing a kernel oops. The supplied CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) matches a local, low-privilege, availability-only impact. CISA’s CSAF record maps the issue to multiple Siemens SIMATIC S7-1500 CPU family products and notes no available fix in the referenced advisory revision.
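The arithmetic described above can be reproduced in user space. The following is an added example, not the kernel's fbcvt code or Siemens's: the function names, the simplified period formula and the sample inputs are assumptions, and the refresh value is modelled as a 32-bit unsigned integer. It shows the unchecked doubling wrapping to zero beside a checked variant that refuses the value before it can reach a division.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: all names are hypothetical, not kernel symbols. */

/* Unchecked doubling: 32-bit unsigned arithmetic wraps modulo 2^32,
 * so 0x80000000 * 2 yields 0. */
static uint32_t double_refresh_unchecked(uint32_t refresh)
{
    return refresh * 2u;
}

/* Checked doubling: fails instead of wrapping and rejects a zero input,
 * so a successful result is always a safe divisor. */
static bool double_refresh_checked(uint32_t refresh, uint32_t *out)
{
    if (refresh == 0 || refresh > UINT32_MAX / 2u)
        return false;
    *out = refresh * 2u;
    return true;
}

/* Stand-in for a computation that divides by the refresh rate (simplified
 * formula, assumption). Returns -1 for an unusable value, never divides by 0. */
static int64_t period_us(uint32_t refresh, bool doubled)
{
    uint32_t f = refresh;

    if (doubled && !double_refresh_checked(refresh, &f))
        return -1;
    if (f == 0)
        return -1;
    return 1000000 / (int64_t)f;
}

int main(void)
{
    /* Constructed sample inputs: a normal rate, the largest value that can
     * be doubled safely, and the value named in the advisory text. */
    const uint32_t samples[] = { 60u, 0x7fffffffu, 0x80000000u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("refresh=0x%08x unchecked*2=0x%08x guarded period=%lld\n",
               (unsigned)samples[i],
               (unsigned)double_refresh_unchecked(samples[i]),
               (long long)period_us(samples[i], true));
    return 0;
}
```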

Defensive priority

Medium

Recommended defensive actions

  • Inventory the listed Siemens products and confirm whether the additional GNU/Linux subsystem is present and exposed in your deployment.
  • Restrict access to interactive shell functionality to trusted personnel only, as recommended in the advisory.
  • Allow only applications from trusted sources on affected systems.
  • Monitor Siemens ProductCERT and CISA advisory revisions for a future fix or updated mitigation guidance.
  • Treat unexpected controller crashes or kernel oops events as a security-relevant availability incident and investigate local access paths.

Evidence notes

The supplied CISA CSAF source and Siemens references identify CVE-2025-38312 as affecting Siemens SIMATIC S7-1500 CPU family products and describe the underlying Linux kernel issue as a division-by-zero in fb_cvt_hperiod() after an overflow in fb_find_mode_cvt(). The source advisory also states that no fix was available and provides mitigations focused on limiting shell access and using trusted sources. The CVSS vector in the source is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, supporting a local availability-impacting assessment.

Official resources

Publicly disclosed on 2025-06-10 in CISA’s CSAF advisory ICSA-25-162-05 and Siemens ProductCERT advisory SSA-082556; the source record was last updated on 2026-05-14. The issue was reported by the Linux Verification Center (linuxtesting.org