CVE-2025-37756
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
04/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: tls: explicitly disallow disconnect<br />
<br />
syzbot discovered that it can disconnect a TLS socket and then<br />
run into all sort of unexpected corner cases. I have a vague<br />
recollection of Eric pointing this out to us a long time ago.<br />
Supporting disconnect is really hard, for one thing if offload<br />
is enabled we&#39;d need to wait for all packets to be _acked_.<br />
Disconnect is not commonly used, disallow it.<br />
<br />
The immediate problem syzbot run into is the warning in the strp,<br />
but that&#39;s just the easiest bug to trigger:<br />
<br />
WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486<br />
RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486<br />
Call Trace:<br />
<br />
tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363<br />
tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043<br />
inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678<br />
sock_recvmsg_nosec net/socket.c:1023 [inline]<br />
sock_recvmsg+0x109/0x280 net/socket.c:1045<br />
__sys_recvfrom+0x202/0x380 net/socket.c:2237
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.13 (including) | 5.10.237 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.181 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.135 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2bcad8fefcecdd5f005d8c550b25d703c063c34a
- https://git.kernel.org/stable/c/5071a1e606b30c0c11278d3c6620cd6a24724cf6
- https://git.kernel.org/stable/c/7bdcf5bc35ae59fc4a0fa23276e84b4d1534a3cf
- https://git.kernel.org/stable/c/8513411ec321942bd3cfed53d5bb700665c67d86
- https://git.kernel.org/stable/c/9fcbca0f801580cbb583e9cb274e2c7fbe766ca6
- https://git.kernel.org/stable/c/ac91c6125468be720eafde9c973994cb45b61d44
- https://git.kernel.org/stable/c/c665bef891e8972e1d3ce5bbc0d42a373346a2c3
- https://git.kernel.org/stable/c/f3ce4d3f874ab7919edca364c147ac735f9f1d04
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html