NULL pointer dereference in Linux

CVE-2025-71120

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The c…

EPSS: 0.002 (5.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

  • Linux — versions 5.4.15, 5866efa8cbfbadf3905072798e96652faf02dbe8, 6.18.3
  • Linux Linux_kernel — versions 5.5, 6.19

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-71120?
CVE-2025-71120 is a medium-severity vulnerability in Linux, classified under NULL Pointer Dereference. CVSS score: 5.5/10. Published 2026-01-14.
How severe is CVE-2025-71120?
Medium severity. CVSS v3 base score is 5.5 out of 10.