PatchSiren

CVE-2025-38465 Siemens CVE debrief

CVE-2025-38465 describes a Linux kernel netlink memory-accounting flaw where sk->sk_rmem_alloc can wrap around and stop enforcing the receive-buffer limit correctly. In the provided advisory text, that can let a single local socket keep accumulating skb buffers until memory exhaustion and OOM-driven denial of service. The source advisory in this corpus associates the CVE with Siemens SIMATIC S7-1500 CPU family products and says no fix is currently available.

Vendor: Siemens
Product: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2026-05-14
Advisory published: 2025-06-10
Advisory updated: 2026-05-14

Who should care

Security and operations teams responsible for the Siemens SIMATIC S7-1500 CPU family listed in the advisory, and Linux platform owners who need to assess local-denial-of-service risk from the netlink receive-memory accounting issue.

Technical summary

The advisory text says some netlink code compared atomic_read(&sk->sk_rmem_alloc) and sk->sk_rcvbuf as int values, so setting SO_RCVBUFFORCE to INT_MAX can make the guard condition ineffective. That allows repeated skb accounting additions, multiple wraparounds of sk->sk_rmem_alloc, and eventual memory exhaustion. The described fix is to use atomic_add_return() and compare the values as unsigned int, matching the earlier UDP fix referenced in the CVE text.
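The comparison problem described above can be reproduced with plain integer arithmetic. The following is an added example, not code from the kernel, Siemens or the advisory: a simplified userspace model that contrasts a signed read-then-compare guard with an add-then-compare-as-unsigned guard when the limit is INT_MAX. The names model_sock, charge_signed, charge_unsigned and bytes_accepted are hypothetical, and the 1 MiB buffer size and count of 5000 are constructed sample values.

```c
/* Added illustration: userspace model, not kernel code. Names are hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct model_sock {
    uint32_t rmem_alloc; /* bit pattern standing in for sk->sk_rmem_alloc */
    int32_t  rcvbuf;     /* stands in for sk->sk_rcvbuf */
};

/* Pre-fix pattern: read the counter, compare as signed int, then add. */
static bool charge_signed(struct model_sock *sk, uint32_t truesize)
{
    if ((int32_t)sk->rmem_alloc > sk->rcvbuf)
        return false;            /* never true when rcvbuf == INT_MAX */
    sk->rmem_alloc += truesize;  /* wraps modulo 2^32 */
    return true;
}

/* Post-fix pattern: add first (as atomic_add_return() would), compare
 * the new total as unsigned int, leave the counter unchanged on reject. */
static bool charge_unsigned(struct model_sock *sk, uint32_t truesize)
{
    uint32_t rmem = sk->rmem_alloc + truesize;
    if (rmem > (uint32_t)sk->rcvbuf)
        return false;
    sk->rmem_alloc = rmem;
    return true;
}

/* Offer `count` buffers of `truesize` bytes; return total bytes accepted. */
static uint64_t bytes_accepted(bool (*charge)(struct model_sock *, uint32_t),
                               uint32_t truesize, unsigned count)
{
    struct model_sock sk = { .rmem_alloc = 0, .rcvbuf = INT_MAX };
    uint64_t total = 0;
    for (unsigned i = 0; i < count; i++)
        if (charge(&sk, truesize))
            total += truesize;
    return total;
}

int main(void)
{
    printf("signed:   %llu\n", (unsigned long long)bytes_accepted(charge_signed, 1u << 20, 5000));
    printf("unsigned: %llu\n", (unsigned long long)bytes_accepted(charge_unsigned, 1u << 20, 5000));
    return 0;
}
```

In the model, the signed guard accepts every buffer offered, past the point where the 32-bit counter wraps, while the unsigned guard stops accepting once the total would exceed INT_MAX.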

Defensive priority

Medium. The CVSS vector in the source is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, so the main concern is local availability impact rather than remote compromise. Prioritize remediation if affected systems allow local shell or application execution.

Recommended defensive actions

  • Restrict access to the interactive shell of the affected systems to trusted personnel only, as stated in the source remediation guidance.
  • Only build and run applications from trusted sources on the affected systems, as stated in the source remediation guidance.
  • Track Siemens and CISA advisory updates for the affected products, because the source currently says no fix is available.
  • Review local-user and privilege boundaries on affected hosts to reduce exposure to a local denial-of-service condition.

Evidence notes

CVE publishedAt: 2025-06-10T00:00:00.000Z; modifiedAt: 2026-05-14T06:00:00.000Z. The source item is CISA CSAF ICSA-25-162-05, republished from Siemens ProductCERT SSA-082556, and its revision history shows updates through 2026-05-14. The corpus links the CVE to five Siemens SIMATIC S7-1500 CPU product variants and explicitly states "Currently no fix is available." Note that the technical description is a Linux kernel netlink issue, so the source corpus contains an advisory-context mismatch that should be handled carefully when scoping affected products.

Official resources

Publicly disclosed on 2025-06-10 and updated in the supplied source through 2026-05-14.