216.73.216.75

CVE-2025-71120

· Published 14/01/2026 16:16 · Author: The MITRE Corporation

Labels: CVE-2025-71120 2026-01-14416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2025-71120

Essential information

Published
14/01/2026 16:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-476
EPSS (First)
P5.6% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00160)
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

NVD status

NVD
View on NVD