{"id":"CVE-2025-37756","summary":"net: tls: explicitly disallow disconnect","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: explicitly disallow disconnect\n\nsyzbot discovered that it can disconnect a TLS socket and then\nrun into all sort of unexpected corner cases. I have a vague\nrecollection of Eric pointing this out to us a long time ago.\nSupporting disconnect is really hard, for one thing if offload\nis enabled we'd need to wait for all packets to be _acked_.\nDisconnect is not commonly used, disallow it.\n\nThe immediate problem syzbot run into is the warning in the strp,\nbut that's just the easiest bug to trigger:\n\n  WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n  RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n  Call Trace:\n   \u003cTASK\u003e\n   tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363\n   tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043\n   inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678\n   sock_recvmsg_nosec net/socket.c:1023 [inline]\n   sock_recvmsg+0x109/0x280 net/socket.c:1045\n   __sys_recvfrom+0x202/0x380 net/socket.c:2237","modified":"2026-03-20T12:42:24.366650Z","published":"2025-05-01T12:56:00.539Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20475-1","SUSE-SU-2025:20483-1","SUSE-SU-2025:20493-1","SUSE-SU-2025:20498-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37756.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2bcad8fefcecdd5f005d8c550b25d703c063c34a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5071a1e606b30c0c11278d3c6620cd6a24724cf6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7bdcf5bc35ae59fc4a0fa23276e84b4d1534a3cf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8513411ec321942bd3cfed53d5bb700665c67d86"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9fcbca0f801580cbb583e9cb274e2c7fbe766ca6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac91c6125468be720eafde9c973994cb45b61d44"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c665bef891e8972e1d3ce5bbc0d42a373346a2c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f3ce4d3f874ab7919edca364c147ac735f9f1d04"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37756.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37756"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3c4d7559159bfe1e3b94df3a657b2cda3a34e218"},{"fixed":"7bdcf5bc35ae59fc4a0fa23276e84b4d1534a3cf"},{"fixed":"ac91c6125468be720eafde9c973994cb45b61d44"},{"fixed":"f3ce4d3f874ab7919edca364c147ac735f9f1d04"},{"fixed":"2bcad8fefcecdd5f005d8c550b25d703c063c34a"},{"fixed":"9fcbca0f801580cbb583e9cb274e2c7fbe766ca6"},{"fixed":"c665bef891e8972e1d3ce5bbc0d42a373346a2c3"},{"fixed":"8513411ec321942bd3cfed53d5bb700665c67d86"},{"fixed":"5071a1e606b30c0c11278d3c6620cd6a24724cf6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37756.json"}}],"schema_version":"1.7.5"}