** Description changed:

  BugLink: https://bugs.launchpad.net/bugs/2120516

  [Impact]
  Disconnecting a kernel TLS socket causes various unexpected issues.

  [Fix]
  This has been fixed by upstream:

  commit 5071a1e606b30c0c11278d3c6620cd6a24724cf6
  Author: Jakub Kicinski <[email protected]>
  Date:   Fri Apr 4 11:03:33 2025 -0700

      net: tls: explicitly disallow disconnect

      syzbot discovered that it can disconnect a TLS socket and then
      run into all sorts of unexpected corner cases. I have a vague
      recollection of Eric pointing this out to us a long time ago.
      Supporting disconnect is really hard, for one thing if offload
      is enabled we'd need to wait for all packets to be _acked_.
      Disconnect is not commonly used, disallow it.

  It's also CVE-2025-37756 and has been SRUed to the 5.15 jammy kernel.
+ 6.14 Pluky kernel also has this commit.

  [Test Plan]
  Use the ktls_test tool to verify the basic kernel TLS function:
  https://github.com/insanum/ktls_test.git

  [Where problems could occur]
  This commit only adds a disconnect function that directly returns
  "not supported", so it shouldn't cause any regression. If there is
  something wrong, it's in the disconnect stage, and the impact should be minor.
-- 
https://bugs.launchpad.net/bugs/2120516

Title:
  Explicitly disallow disconnect
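Added example, not part of the bug report, the upstream commit or ktls_test: a regression check for the behaviour described under [Fix], which attaches the "tls" ULP to a loopback TCP socket and then attempts the disconnect that the patched kernel refuses. It assumes the refusal reaches userspace as EOPNOTSUPP from connect() with AF_UNSPEC; the function names are hypothetical, and because an unpatched kernel really performs the disconnect, it is meant for a test host.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31 /* value from linux/tcp.h, for older libc headers */
#endif

/* 1 = disconnect refused (fix present), 0 = allowed (fix missing), -1 = unknown */
int classify_disconnect(int rc, int err)
{
    if (rc == 0) return 0;
    return err == EOPNOTSUPP ? 1 : -1; /* assumed errno of the fixed kernel */
}

/* Hypothetical helper: build a loopback TCP pair, attach the "tls" ULP to the
 * client, then call connect(AF_UNSPEC), which is how userspace disconnects. */
int probe_ktls_disconnect(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET }; /* port 0: kernel picks */
    struct sockaddr unspec = { .sa_family = AF_UNSPEC };
    socklen_t len = sizeof(a);
    int res = -1, rc, acc = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);

    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (srv < 0 || cli < 0) goto out;
    if (bind(srv, (struct sockaddr *)&a, sizeof(a)) || listen(srv, 1) ||
        getsockname(srv, (struct sockaddr *)&a, &len)) goto out;
    if (connect(cli, (struct sockaddr *)&a, sizeof(a))) goto out;
    if ((acc = accept(srv, NULL, NULL)) < 0) goto out;
    /* Fails (e.g. ENOENT) when the tls module is unavailable: result unknown. */
    if (setsockopt(cli, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"))) goto out;
    rc = connect(cli, &unspec, sizeof(unspec));
    res = classify_disconnect(rc, errno);
out:
    if (acc >= 0) close(acc);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return res;
}

int main(void)
{
    int r = probe_ktls_disconnect();
    puts(r == 1 ? "disconnect refused: fix present" :
         r == 0 ? "disconnect allowed: fix missing" : "could not test");
    return r == 1 ? 0 : 1;
}
```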
