PT-2026-2881 · Linux+2 · Linux Kernel+2

Published

2025-01-01

·

Updated

2026-05-11

·

CVE-2025-71120

CVSS v2.0

6.8

Medium

VectorAV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the SUNRPC component, specifically in the svcauth gss function related to handling zero-length gss token values during the gss read proxy verf process. A zero-length token can lead to a NULL dereference when attempting to access memory associated with the token, potentially causing a system crash or other undefined behavior. The issue occurs because the code unconditionally attempts to evaluate page address(in token->pages[0]) even when the token is empty, leading to a potential NULL pointer dereference. The fix involves adding a guard to the initial memcpy operation to ensure it only executes when the length of the token is greater than zero.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

AZL-74628
BDU:2026-03365
CVE-2025-71120
ECHO-1C70-2505-6A9D
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1341
OESA-2026-1566
OESA-2026-1567
OESA-2026-1570
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0350-1
SUSE-SU-2026:0369-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0471-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0474-1
SUSE-SU-2026:0496-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:1180-1
SUSE-SU-2026:1185-1
SUSE-SU-2026:1188-1
SUSE-SU-2026:1189-1
SUSE-SU-2026:1212-1
SUSE-SU-2026:1221-1
SUSE-SU-2026:1222-1
SUSE-SU-2026:1225-1
SUSE-SU-2026:1236-1
SUSE-SU-2026:1237-1
SUSE-SU-2026:1239-1
SUSE-SU-2026:1242-1
SUSE-SU-2026:1244-1
SUSE-SU-2026:1248-1
SUSE-SU-2026:1254-1
SUSE-SU-2026:1259-1
SUSE-SU-2026:1261-1
SUSE-SU-2026:1263-1
SUSE-SU-2026:1265-1
SUSE-SU-2026:1268-1
SUSE-SU-2026:1269-1
SUSE-SU-2026:1270-1
SUSE-SU-2026:1271-1
SUSE-SU-2026:1272-1
SUSE-SU-2026:1274-1
SUSE-SU-2026:1278-1
SUSE-SU-2026:1279-1
SUSE-SU-2026:1280-1
SUSE-SU-2026:1281-1
SUSE-SU-2026:1283-1
SUSE-SU-2026:1284-1
SUSE-SU-2026:1285-1
SUSE-SU-2026:1287-1
SUSE-SU-2026:1288-1
SUSE-SU-2026:1293-1
SUSE-SU-2026:1297-1
SUSE-SU-2026:1298-1
SUSE-SU-2026:1304-1
SUSE-SU-2026:1305-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:21005-1
SUSE-SU-2026:21006-1
SUSE-SU-2026:21007-1
SUSE-SU-2026:21008-1
SUSE-SU-2026:21009-1
SUSE-SU-2026:21020-1
SUSE-SU-2026:21041-1
SUSE-SU-2026:21042-1
SUSE-SU-2026:21043-1
SUSE-SU-2026:21044-1
SUSE-SU-2026:21045-1
SUSE-SU-2026:21046-1
SUSE-SU-2026:21047-1
SUSE-SU-2026:21048-1
SUSE-SU-2026:21049-1
SUSE-SU-2026:21050-1
SUSE-SU-2026:21051-1
SUSE-SU-2026:21052-1
SUSE-SU-2026:21053-1
SUSE-SU-2026:21054-1
SUSE-SU-2026:21055-1
SUSE-SU-2026:21056-1
SUSE-SU-2026:21057-1
SUSE-SU-2026:21058-1
SUSE-SU-2026:21059-1
SUSE-SU-2026:21060-1
SUSE-SU-2026:21061-1
SUSE-SU-2026:21071-1
SUSE-SU-2026:21072-1
SUSE-SU-2026:21073-1
SUSE-SU-2026:21074-1
SUSE-SU-2026:21075-1
SUSE-SU-2026:21076-1
SUSE-SU-2026:21077-1
SUSE-SU-2026:21078-1
SUSE-SU-2026:21079-1
SUSE-SU-2026:21080-1
SUSE-SU-2026:21081-1
SUSE-SU-2026:21082-1
SUSE-SU-2026:21083-1
SUSE-SU-2026:21084-1
SUSE-SU-2026:21085-1
SUSE-SU-2026:21086-1
SUSE-SU-2026:21087-1
SUSE-SU-2026:21088-1
SUSE-SU-2026:21089-1
SUSE-SU-2026:21090-1
SUSE-SU-2026:21091-1
SUSE-SU-2026:21096-1
SUSE-SU-2026:21099-1
SUSE-SU-2026:21100-1
SUSE-SU-2026:21102-1
SUSE-SU-2026:21216-1
SUSE-SU-2026:21217-1
SUSE-SU-2026:21219-1
SUSE-SU-2026:21220-1
SUSE-SU-2026:21221-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu