IM
IronMonkey Threat Research

CVE-2025-71120 MEDIUM

Published: 2026-01-14 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

Additional Descriptions (1)

En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: SUNRPC: svcauth_gss: evitar desreferenciación de NULL en gss_token de longitud cero en gss_read_proxy_verf Un gss_token de longitud cero resulta en pages == 0 y in_token->pages[0] es NULL. El código evalúa incondicionalmente page_address(in_token->pages[0]) para el memcpy inicial, lo que puede desreferenciar NULL incluso cuando la longitud de la copia es 0. Proteger el primer memcpy para que solo se ejecute cuando length > 0.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-476

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bfc2a6a40> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc2a6dc0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc2a4900> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcdbc680> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc2a6000> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcc9b21c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcc9b2f00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdcdbd100> Operating System
linux linux_kernel 5.5 <built-in method update of dict object at 0x702bfc2a50c0> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a6180> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc550ac0> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a6d40> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a6d00> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bdd12bd80> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a4100> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a5800> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a7140> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:5.5:-:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

References

Notification
Message here