CVE-2025-39682

EUVD-2025-31542

05.09.2025, 18:15

In the Linux kernel, the following vulnerability has been resolved:

tls: fix handling of zero-length records on the rx_list

Each recvmsg() call must process either
 - only contiguous DATA records (any number of them)
 - one non-DATA record

If the next record has different type than what has already been
processed we break out of the main processing loop. If the record
has already been decrypted (which may be the case for TLS 1.3 where
we don't know type until decryption) we queue the pending record
to the rx_list. Next recvmsg() will pick it up from there.

Queuing the skb to rx_list after zero-copy decrypt is not possible,
since in that case we decrypted directly to the user space buffer,
and we don't have an skb to queue (darg.skb points to the ciphertext
skb for access to metadata like length).

Only data records are allowed zero-copy, and we break the processing
loop after each non-data record. So we should never zero-copy and
then find out that the record type has changed. The corner case
we missed is when the initial record comes from rx_list, and it's
zero length.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
siemens-SADP	ADP	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.0 ≤ 𝑥 < 6.1.149
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.103
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.44
linux	linux_kernel	6.13 ≤ 𝑥 < 6.16.4
linux	linux_kernel	6.17:rc1
linux	linux_kernel	6.17:rc2
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
Siemens	SIMATIC CN 4100	𝑥 < V5.0	ADP
siemens	simatic_cn_4100	𝑥 < 5.0	ADP

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	7.0.10-1 fixed
sid	7.0.10-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

linux-6.1

bullseye (security)

6.1.174-1~deb11u1

fixed

openSUSE / SLES Releases

openSUSE Product

Release

kernel-64kb

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.2 fixed

kernel-default-base

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1.150600.12.32.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1.150700.17.13.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1.150600.12.32.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1.150700.17.13.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1.150600.12.32.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1.150700.17.13.1 fixed

kernel-docs

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-macros

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-source

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-source-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.2 fixed

kernel-syms

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-syms-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

kernel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-abi-stablelists

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-devel-matched

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-doc

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-debug

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-debug-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-debug-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-debug-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-debug-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-debug-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-64k-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug-kvm

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-debug-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-kvm

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-rt-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-tools

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-tools-libs

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-tools-libs-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-uki-virt

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-uki-virt-addons

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump-devel

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump-modules

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

kernel-zfcpdump-modules-extra

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

libperf

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

perf

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

python3-perf

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

rtla

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

RHEL 9

0:5.14.0-570.49.1.el9_6

fixed

Amazon Linux Releases

Amazon Package

Release

bpftool

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

bpftool-debuginfo

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

bpftool6.12

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

bpftool6.12-debuginfo

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-debuginfo

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-debuginfo-common-aarch64

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-debuginfo-common-x86_64

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-devel

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-headers

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-libbpf

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-libbpf-debuginfo

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-libbpf-devel

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-libbpf-static

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-livepatch-6.1.150-174.273

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-livepatch-6.12.46-66.121

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-modules-extra

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-modules-extra-common

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-tools

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-tools-debuginfo

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel-tools-devel

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

kernel6.12

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-debuginfo

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-debuginfo-common-aarch64

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-debuginfo-common-x86_64

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-devel

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-headers

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-libbpf

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-libbpf-debuginfo

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-libbpf-devel

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-libbpf-static

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-modules-extra

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-modules-extra-common

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-tools

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-tools-debuginfo

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

kernel6.12-tools-devel

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

perf

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

perf-debuginfo

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

perf6.12

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

perf6.12-debuginfo

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

python3-perf

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

python3-perf-debuginfo

Amazon Linux 2023

1:6.1.150-174.273.amzn2023

fixed

python3-perf6.12

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

python3-perf6.12-debuginfo

Amazon Linux 2023

1:6.12.46-66.121.amzn2023

fixed

Azure Linux Releases

Azure Package

Release

kernel

Azure Linux 3.0

0:6.6.104.2-1.azl3

fixed

References

https://git.kernel.org/stable/c/2902c3ebcca52ca845c03182000e8d71d3a5196f

https://git.kernel.org/stable/c/29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e

https://git.kernel.org/stable/c/3439c15ae91a517cf3c650ea15a8987699416ad9

https://git.kernel.org/stable/c/62708b9452f8eb77513115b17c4f8d1a22ebf843

https://git.kernel.org/stable/c/c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://cert-portal.siemens.com/productcert/html/ssa-032379.html