CVE-2025-71120
Published: Jan 14, 2026
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5866efa8cbfbadf3905072798e96652faf02dbe8 - < a8f1e445ce3545c90d69c9e8ff8f7821825fe810affected 5866efa8cbfbadf3905072798e96652faf02dbe8 - < 4dedb6a11243a5c9eb9dbb97bca3c98bd725e83daffected 5866efa8cbfbadf3905072798e96652faf02dbe8 - < f9e53f69ac3bc4ef568b08d3542edac02e83fefdaffected 5866efa8cbfbadf3905072798e96652faf02dbe8 - < 7452d53f293379e2c38cfa8ad0694aa46fc4788baffected 5866efa8cbfbadf3905072798e96652faf02dbe8 - < a2c6f25ab98b423f99ccd94874d655b8bcb01a19+6 more versions |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.248 - <= 5.10.*unaffected 5.15.198 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now