PatchSiren cyber security CVE debrief
CVE-2025-38400 Siemens CVE debrief
CVE-2025-38400 is a reliability and availability issue tied in the supplied advisory corpus to Siemens SIMATIC S7-1500 CPU product entries, while the vulnerability text itself describes a Linux kernel NFS proc cleanup bug. The reported failure path leaves /proc/net/rpc/nfs in place when nfs_fs_proc_net_init() fails, and a later rpc_proc_exit() cleanup attempt logs a warning because /proc/net/rpc is not empty. The result is a kernel warning and cleanup inconsistency rather than a confidentiality or integrity break. The source record shows the issue was published on 2025-06-10 and later republished/updated on 2026-05-14.
- Vendor: Siemens
- Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-10
- Original CVE updated: 2026-05-14
- Advisory published: 2025-06-10
- Advisory updated: 2026-05-14
Who should care
Operators and maintainers who rely on the affected Siemens product set in the supplied advisory, and Linux kernel integrators or platform teams that include NFS and procfs support in their builds. Security teams should pay attention because the issue is locally triggerable and can surface during namespace or network-stack teardown paths.
Technical summary
The vulnerability description states that a fault-injected failure in nfs_fs_proc_net_init() can prevent /proc/net/rpc/nfs from being removed. When the system later runs rpc_proc_exit(), the procfs hierarchy is not empty, so remove_proc_entry() emits a warning about leaking at least 'nfs'. The supplied evidence includes a syzbot report showing the failure triggered through slab allocation fault injection during proc_create_net_data() and then observed during network namespace teardown. The advisory’s CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local issue with availability impact.
Defensive priority
Medium. The issue is not described as remote code execution or data exposure, but it can cause kernel warnings and cleanup failures in a privileged local path. Because the source advisory ties it to an industrial product family, validation of exposure and firmware/software versioning should be prioritized.
Recommended defensive actions
- Verify whether any deployed Siemens product or Linux-based runtime in your environment matches the affected advisory scope listed in the source record.
- Apply vendor-provided updates or firmware/software revisions as soon as they are available for the affected product set.
- Review whether NFS and related procfs cleanup paths are present in your Linux kernel builds and ensure you are on a version that includes the fix described by the advisory.
- Monitor for repeated kernel warnings involving remove_proc_entry(), /proc/net/rpc, or NFS namespace teardown.
- Use the source-listed hardening guidance where applicable, including limiting interactive shell access to trusted personnel and running only trusted applications.
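A log check for the monitoring action above, as an added example that is not part of the source advisory or any vendor tooling: it matches the warning text quoted on this page and counts leaks reported under net/rpc. The sample log lines, the function names and the repeat threshold are constructed assumptions.

```python
import re
import sys
from collections import Counter

# Warning text as quoted on this page:
#   remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'
LEAK_RE = re.compile(
    r"remove_proc_entry: removing non-empty directory '(?P<dir>[^']+)', "
    r"leaking at least '(?P<entry>[^']+)'"
)

# Constructed sample lines (timestamps, host name and 'net/example' are made up).
SAMPLE = [
    "[  101.000001] FAULT_INJECTION: forcing a failure.",
    "[  101.000452] remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'",
    "[  230.118003] remove_proc_entry: removing non-empty directory 'net/example', leaking at least 'stats'",
    "May 14 10:02:11 host1 kernel: remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'",
    "[  300.500000] NFS: unrelated informational message",
]


def scan(lines, watch_dir="net/rpc"):
    """Return a Counter of leaked entry names reported under watch_dir."""
    hits = Counter()
    for line in lines:
        m = LEAK_RE.search(line)
        if m and m.group("dir") == watch_dir:
            hits[m.group("entry")] += 1
    return hits


def is_repeated(hits, entry="nfs", threshold=2):
    """True when the same leak was logged at least `threshold` times (assumed cutoff)."""
    return hits[entry] >= threshold


if __name__ == "__main__":
    # Usage: script.py [kernel-log-file]; with no file the constructed sample is scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            hits = scan(fh)
    else:
        hits = scan(SAMPLE)
    for entry, count in sorted(hits.items()):
        flag = "REPEATED" if is_repeated(hits, entry) else "seen"
        print(f"net/rpc leak of '{entry}': {count} time(s) [{flag}]")
    sys.exit(1 if hits else 0)  # non-zero exit lets a scheduler raise an alert
```

Saved kernel log output can be passed as the file argument; the regex uses `search`, so both raw kernel timestamps and syslog-style prefixes match.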
Evidence notes
The supplied description says: "nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails." It also includes a syzbot fault-injection trace showing failure in nfs_fs_proc_net_init() and a later warning: "remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'". The source CSAF metadata associates CVE-2025-38400 with Siemens SIMATIC S7-1500 CPU product entries and lists the issue publication date as 2025-06-10, with a latest update on 2026-05-14. The source remediations section states "Currently no fix is available", so product-specific mitigation should be validated directly against the vendor advisory and current firmware/software status.
Official resources
- CVE-2025-38400 CVE record (CVE.org)
- CVE-2025-38400 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published in the supplied source corpus on 2025-06-10 and last updated in the corpus on 2026-05-14. The source advisory has multiple later republication updates, so operators should use the latest vendor/CISA guidance when validating impact.