PatchSiren cyber security CVE debrief
CVE-2025-38393 Siemens CVE debrief
CVE-2025-38393 is a race-condition issue in the Linux kernel’s NFSv4/pNFS path that can leave tasks stuck waiting for layout drain and writeback progress. In Siemens’ advisory for the SIMATIC S7-1500 CPU family, the impact is framed as an availability problem affecting the Linux-based subsystem, with mitigations provided and no fix available at the time of publication.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 4.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
OT defenders, Siemens SIMATIC S7-1500 operators, and teams responsible for Linux-based industrial controllers or embedded GNU/Linux subsystems should review this advisory, especially if they rely on NFSv4/pNFS functionality or can access the device shell.
Technical summary
The source description says the kernel issue was resolved by fixing a race to wake on NFS_LAYOUT_DRAIN. Reported symptoms included systems hung in writeback waiting on the same page lock and a task waiting on the NFS_LAYOUT_DRAIN bit even though the pnfs_layout_hdr plh_outstanding count was zero. The advisory attributes the failure mode to a waiter/waker race similar to a prior Linux kernel synchronization fix and says the remedy is to apply the advised memory barrier. The supplied CVSS vector indicates a local, high-complexity availability issue with no confidentiality or integrity impact.
Defensive priority
Medium. The score and advisory context indicate an availability-focused issue rather than code execution or data exposure, but the affected products are industrial control devices where hangs can still matter operationally.
Recommended defensive actions
- Review Siemens advisory SSA-082556 and CISA advisory ICSA-25-162-05 for the affected SIMATIC S7-1500 CPU models listed in the source.
- Apply Siemens-provided mitigations for the affected products, including restricting access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
- Only build and run applications from trusted sources on affected devices.
- Monitor affected systems for unexpected writeback stalls, NFS-related hangs, or broader availability degradation.
- Track the Siemens and CISA advisories for any future fix availability or updated remediation guidance.
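One way to approach the monitoring step above, as an added example that is not taken from Siemens, CISA or the kernel project: a Python scan of kernel log text for hung-task reports whose call trace contains NFS/pNFS or writeback wait frames. The log lines are constructed, and the symbol-name hints and the function name `find_nfs_stalls` are assumptions about how such a stall would appear in a trace.

```python
import re

# Header printed by the kernel hung-task detector.
HUNG_RE = re.compile(
    r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# One call-trace frame, e.g. " pnfs_update_layout+0x5c2/0xb10 [nfsv4]".
FRAME_RE = re.compile(r"^\s*\??\s*(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
# Assumption: symbol-name hints for NFS/pNFS waits and writeback waits.
NFS_HINTS = ("pnfs_", "nfs4_", "nfs_")
WRITEBACK_HINTS = ("writeback", "folio_wait_bit", "wait_on_page")

# Constructed sample log, not captured from a real device.
SAMPLE_LOG = """\
[ 4821.100001] INFO: task kworker/u8:2:1234 blocked for more than 120 seconds.
[ 4821.100010] Call Trace:
[ 4821.100018]  out_of_line_wait_on_bit+0x91/0xb0
[ 4821.100021]  pnfs_update_layout+0x5c2/0xb10 [nfsv4]
[ 4821.200001] INFO: task dd:2301 blocked for more than 120 seconds.
[ 4821.200010] Call Trace:
[ 4821.200015]  folio_wait_bit_common+0x13d/0x350
[ 4821.200018]  folio_wait_writeback+0x2c/0x90
[ 4821.300001] INFO: task sshd:900 blocked for more than 120 seconds.
[ 4821.300010] Call Trace:
[ 4821.300012]  __mutex_lock+0x1a0/0x6b0
"""

def find_nfs_stalls(log_text):
    """Return hung-task reports whose trace has NFS or writeback wait frames."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = TS_RE.sub("", raw)
        m = HUNG_RE.search(line)
        if m:  # a new report starts; later frames are attributed to it
            current = {"comm": m["comm"], "pid": int(m["pid"]),
                       "secs": int(m["secs"]), "nfs": [], "writeback": []}
            reports.append(current)
            continue
        f = FRAME_RE.match(line)
        if current is None or not f:
            continue
        if f["sym"].startswith(NFS_HINTS):
            current["nfs"].append(f["sym"])
        elif any(h in f["sym"] for h in WRITEBACK_HINTS):
            current["writeback"].append(f["sym"])
    # Reports with neither kind of frame (sshd in the sample) are dropped.
    return [r for r in reports if r["nfs"] or r["writeback"]]

if __name__ == "__main__":
    for report in find_nfs_stalls(SAMPLE_LOG):
        print(report)
```

A match only shows that a task stalled in an NFS or writeback wait; it does not by itself confirm CVE-2025-38393.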
Evidence notes
The source corpus identifies CVE-2025-38393 as a Linux kernel NFSv4/pNFS race condition and provides the exact advisory context from CISA CSAF for Siemens SIMATIC S7-1500 CPU family products. It also states that no fix is currently available and lists mitigations. The publication date used here is the supplied CVE/advisory publication date of 2025-06-10, with the latest supplied source update on 2026-05-14. No unsupported exploitability, attack path, or product behavior beyond the advisory text is added.
Official resources
- CVE-2025-38393 CVE record (CVE.org)
- CVE-2025-38393 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory published 2025-06-10 and last updated in the supplied source on 2026-05-14. CISA republished the Siemens advisory under ICSA-25-162-05; the source states no fix is available and provides mitigations.