PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71120 Linux CVE debrief

A MEDIUM severity vulnerability was found in the Linux kernel, specifically in the SUNRPC component. The vulnerability is caused by a NULL dereference on a zero-length gss_token in the gss_read_proxy_verf function. This can lead to a denial-of-service (DoS) attack. The vulnerability has a CVSS score of 5.5 and is considered MEDIUM severity. Affected Linux kernel deployments should be inventoried and patched or updated as necessary. Compensating controls such as network segmentation or access controls may be implemented to limit the attack surface. System logs should be monitored for potential exploitation attempts. Incident response plans should be reviewed and updated to address potential exploitation. Evidence is limited, and defenders should verify system logs for potential exploitation attempts with caution.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-14
Original CVE updated
2026-07-14
Advisory published
2026-01-14
Advisory updated
2026-07-14

Who should care

Linux kernel users and administrators should be aware of this vulnerability and take necessary actions to mitigate it. This includes inventorying Linux kernel installations, applying patches or updates provided by the Linux kernel maintainers, and monitoring system logs for potential exploitation attempts.

Technical summary

The vulnerability is caused by a NULL dereference on a zero-length gss_token in the gss_read_proxy_verf function. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. To fix this, a check should be added to ensure that the length is greater than 0 before performing the memcpy. The fix involves adding a simple length check.

Defensive priority

Medium

Recommended defensive actions

  • Inventory Linux kernel installations to identify potential exposure.
  • Apply patches or updates provided by the Linux kernel maintainers.
  • Monitor system logs for potential exploitation attempts.
  • Implement compensating controls, such as network segmentation or access controls, to limit the attack surface.
  • Consider using a Web Application Firewall (WAF) to detect and prevent exploitation attempts.
  • Review and update incident response plans to address potential exploitation.
  • Conduct regular vulnerability assessments to identify and address potential exposures.

Evidence notes

The CVE record was published on 2026-01-14T15:16:01.690Z and was last modified on 2026-07-14T13:18:03.810Z. The NVD entry is currently Modified. The Linux kernel vulnerability affects SUNRPC component. Evidence is limited, and defenders should verify system logs for potential exploitation attempts.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-14T15:16:01.690Z and has not been modified since then.