CVE-2025-71120

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8	Patch
https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d	Patch
https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b	Patch
https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19	Patch
https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810	Patch
https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d	Patch
https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.5:-::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

25 Mar 2026, 18:45

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.5:-::::::
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8 -~~	() https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8 - Patch
References	~~() https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d -~~	() https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d - Patch
References	~~() https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b -~~	() https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b - Patch
References	~~() https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19 -~~	() https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19 - Patch
References	~~() https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810 -~~	() https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810 - Patch
References	~~() https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d -~~	() https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d - Patch
References	~~() https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd -~~	() https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd - Patch
First Time		Linux Linux linux Kernel

19 Jan 2026, 13:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d - () https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810 -

14 Jan 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-14 15:16

Updated : 2026-03-25 18:45

NVD link : CVE-2025-71120

Mitre link : CVE-2025-71120

CVE.ORG link : CVE-2025-71120

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10