CVE-2025-37756
Description
In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago. Supporting disconnect is really hard, for one thing if offload is enabled we'd need to wait for all packets to be _acked_. Disconnect is not commonly used, disallow it. The immediate problem syzbot run into is the warning in the strp, but that's just the easiest bug to trigger: WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 Call Trace: <TASK> tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363 tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043 inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678 sock_recvmsg_nosec net/socket.c:1023 [inline] sock_recvmsg+0x109/0x280 net/socket.c:1045 __sys_recvfrom+0x202/0x380 net/socket.c:2237
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 6.1.135-1 |
| debian | bullseye | fixed | 5.10.237-1 |
| debian | forky | fixed | 6.12.25-1 |
| debian | sid | fixed | 6.12.25-1 |
| debian | trixie | fixed | 6.12.25-1 |
| linux-kernel | affected | 5.10.237 | |
| linux-kernel | 6.15 | affected | |
| debian | 11.0 | affected | |
References
- https://git.kernel.org/stable/c/2bcad8fefcecdd5f005d8c550b25d703c063c34a
- https://git.kernel.org/stable/c/5071a1e606b30c0c11278d3c6620cd6a24724cf6
- https://git.kernel.org/stable/c/7bdcf5bc35ae59fc4a0fa23276e84b4d1534a3cf
- https://git.kernel.org/stable/c/8513411ec321942bd3cfed53d5bb700665c67d86
- https://git.kernel.org/stable/c/9fcbca0f801580cbb583e9cb274e2c7fbe766ca6
- https://git.kernel.org/stable/c/ac91c6125468be720eafde9c973994cb45b61d44
- https://git.kernel.org/stable/c/c665bef891e8972e1d3ce5bbc0d42a373346a2c3
- https://git.kernel.org/stable/c/f3ce4d3f874ab7919edca364c147ac735f9f1d04
- http://www.openwall.com/lists/oss-security/2026/05/07/1
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://www.suse.com/security/cve/CVE-2025-37756.html
- https://security-tracker.debian.org/tracker/CVE-2025-37756
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.