Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

INFO

Published Date :

2026-01-14T15:06:07.194Z

Last Modified :

2026-02-09T08:35:15.157Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-71120 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71120.

URL Resource
https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8 cve-icon cve-icon
https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d cve-icon cve-icon
https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b cve-icon cve-icon
https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19 cve-icon cve-icon
https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810 cve-icon cve-icon
https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d cve-icon cve-icon
https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026011415-CVE-2025-71120-d0a6@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71120 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71120 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact