5.5

CVE-2025-71120

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf

A zero length gss_token results in pages == 0 and in_token->pages[0]
is NULL. The code unconditionally evaluates
page_address(in_token->pages[0]) for the initial memcpy, which can
dereference NULL even when the copy length is 0. Guard the first
memcpy so it only runs when length > 0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.99 < 4.20
LinuxLinux Kernel Version >= 5.4.15 < 5.5
LinuxLinux Kernel Version >= 5.5.1 < 5.10.248
LinuxLinux Kernel Version >= 5.11 < 5.15.198
LinuxLinux Kernel Version >= 5.16 < 6.1.160
LinuxLinux Kernel Version >= 6.2 < 6.6.120
LinuxLinux Kernel Version >= 6.7 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.3
LinuxLinux Kernel Version5.5 Update-
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.055
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8
Patch
https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b
Patch
https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19
Patch
https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d
Patch
https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd
Patch
https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d
Patch
https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810
Patch