CVE-2025-71120

MEDIUM EPSS 5.6%
Published Jan 14, 20265mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 14, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 17

VendorProductVersionRange
linuxlinux_kernel*≥4.19.99  –  <4.20
linuxlinux_kernel*≥5.4.15  –  <5.5
linuxlinux_kernel*≥5.5.1  –  <5.10.248
linuxlinux_kernel*≥5.11  –  <5.15.198
linuxlinux_kernel*≥5.16  –  <6.1.160
linuxlinux_kernel*≥6.2  –  <6.6.120
linuxlinux_kernel*≥6.7  –  <6.12.64
linuxlinux_kernel*≥6.13  –  <6.18.3
linuxlinux_kernel5.5any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd
    Patch