{"id":"CVE-2025-71120","summary":"SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf\n\nA zero length gss_token results in pages == 0 and in_token-\u003epages[0]\nis NULL. The code unconditionally evaluates\npage_address(in_token-\u003epages[0]) for the initial memcpy, which can\ndereference NULL even when the copy length is 0. Guard the first\nmemcpy so it only runs when length \u003e 0.","modified":"2026-04-17T18:29:22.620533893Z","published":"2026-01-14T15:06:07.194Z","related":["SUSE-SU-2026:0350-1","SUSE-SU-2026:0369-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0447-1","SUSE-SU-2026:0471-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0473-1","SUSE-SU-2026:0474-1","SUSE-SU-2026:0496-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:0617-1","SUSE-SU-2026:1180-1","SUSE-SU-2026:1185-1","SUSE-SU-2026:1188-1","SUSE-SU-2026:1189-1","SUSE-SU-2026:1212-1","SUSE-SU-2026:1221-1","SUSE-SU-2026:1222-1","SUSE-SU-2026:1225-1","SUSE-SU-2026:1236-1","SUSE-SU-2026:1237-1","SUSE-SU-2026:1239-1","SUSE-SU-2026:1242-1","SUSE-SU-2026:1244-1","SUSE-SU-2026:1248-1","SUSE-SU-2026:1254-1","SUSE-SU-2026:1259-1","SUSE-SU-2026:1261-1","SUSE-SU-2026:1263-1","SUSE-SU-2026:1265-1","SUSE-SU-2026:1268-1","SUSE-SU-2026:1269-1","SUSE-SU-2026:1270-1","SUSE-SU-2026:1271-1","SUSE-SU-2026:1272-1","SUSE-SU-2026:1274-1","SUSE-SU-2026:1278-1","SUSE-SU-2026:1279-1","SUSE-SU-2026:1280-1","SUSE-SU-2026:1281-1","SUSE-SU-2026:1283-1","SUSE-SU-2026:1284-1","SUSE-SU-2026:1285-1","SUSE-SU-2026:1287-1","SUSE-SU-2026:1288-1","SUSE-SU-2026:1293-1","SUSE-SU-2026:1297-1","SUSE-SU-2026:1298-1","SUSE-SU-2026:1304-1","SUSE-SU-2026:1305-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","SUSE-SU-2026:21005-1","SUSE-SU-2026:21006-1","SUSE-SU-2026:21007-1","SUSE-SU-2026:21008-1","SUSE-SU-2026:21009-1","SUSE-SU-2026:21020-1","SUSE-SU-2026:21041-1","SUSE-SU-2026:21042-1","SUSE-SU-2026:21043-1","SUSE-SU-2026:21044-1","SUSE-SU-2026:21045-1","SUSE-SU-2026:21046-1","SUSE-SU-2026:21047-1","SUSE-SU-2026:21048-1","SUSE-SU-2026:21049-1","SUSE-SU-2026:21050-1","SUSE-SU-2026:21051-1","SUSE-SU-2026:21052-1","SUSE-SU-2026:21053-1","SUSE-SU-2026:21054-1","SUSE-SU-2026:21055-1","SUSE-SU-2026:21056-1","SUSE-SU-2026:21057-1","SUSE-SU-2026:21058-1","SUSE-SU-2026:21059-1","SUSE-SU-2026:21060-1","SUSE-SU-2026:21061-1","SUSE-SU-2026:21071-1","SUSE-SU-2026:21072-1","SUSE-SU-2026:21073-1","SUSE-SU-2026:21074-1","SUSE-SU-2026:21075-1","SUSE-SU-2026:21076-1","SUSE-SU-2026:21077-1","SUSE-SU-2026:21078-1","SUSE-SU-2026:21079-1","SUSE-SU-2026:21080-1","SUSE-SU-2026:21081-1","SUSE-SU-2026:21082-1","SUSE-SU-2026:21083-1","SUSE-SU-2026:21084-1","SUSE-SU-2026:21085-1","SUSE-SU-2026:21086-1","SUSE-SU-2026:21087-1","SUSE-SU-2026:21088-1","SUSE-SU-2026:21089-1","SUSE-SU-2026:21090-1","SUSE-SU-2026:21091-1","SUSE-SU-2026:21096-1","SUSE-SU-2026:21099-1","SUSE-SU-2026:21100-1","SUSE-SU-2026:21102-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71120.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71120.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71120"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5866efa8cbfbadf3905072798e96652faf02dbe8"},{"fixed":"a8f1e445ce3545c90d69c9e8ff8f7821825fe810"},{"fixed":"4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d"},{"fixed":"f9e53f69ac3bc4ef568b08d3542edac02e83fefd"},{"fixed":"7452d53f293379e2c38cfa8ad0694aa46fc4788b"},{"fixed":"a2c6f25ab98b423f99ccd94874d655b8bcb01a19"},{"fixed":"1c8bb965e9b0559ff0f5690615a527c30f651dd8"},{"fixed":"d4b69a6186b215d2dc1ebcab965ed88e8d41768d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"66ed7b413d31c6ff23901ac4443b1cc1af2f6113"},{"last_affected":"7be8c165dc81564705e8e0b72d398ef708f67eaa"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71120.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71120.json"}}],"schema_version":"1.7.5"}