PatchSiren cyber security CVE debrief
CVE-2025-71120 Linux CVE debrief
A MEDIUM severity vulnerability was found in the Linux kernel, specifically in the SUNRPC component. The vulnerability is caused by a NULL dereference on a zero-length gss_token in the gss_read_proxy_verf function. This can lead to a denial-of-service (DoS) attack. The vulnerability has a CVSS score of 5.5 and is considered MEDIUM severity. Affected Linux kernel deployments should be inventoried and patched or updated as necessary. Compensating controls such as network segmentation or access controls may be implemented to limit the attack surface. System logs should be monitored for potential exploitation attempts. Incident response plans should be reviewed and updated to address potential exploitation. Evidence is limited, and defenders should verify system logs for potential exploitation attempts with caution.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-14
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and administrators should be aware of this vulnerability and take necessary actions to mitigate it. This includes inventorying Linux kernel installations, applying patches or updates provided by the Linux kernel maintainers, and monitoring system logs for potential exploitation attempts.
Technical summary
The vulnerability is caused by a NULL dereference on a zero-length gss_token in the gss_read_proxy_verf function. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. To fix this, a check should be added to ensure that the length is greater than 0 before performing the memcpy. The fix involves adding a simple length check.
Defensive priority
Medium
Recommended defensive actions
- Inventory Linux kernel installations to identify potential exposure.
- Apply patches or updates provided by the Linux kernel maintainers.
- Monitor system logs for potential exploitation attempts.
- Implement compensating controls, such as network segmentation or access controls, to limit the attack surface.
- Consider using a Web Application Firewall (WAF) to detect and prevent exploitation attempts.
- Review and update incident response plans to address potential exploitation.
- Conduct regular vulnerability assessments to identify and address potential exposures.
Evidence notes
The CVE record was published on 2026-01-14T15:16:01.690Z and was last modified on 2026-07-14T13:18:03.810Z. The NVD entry is currently Modified. The Linux kernel vulnerability affects SUNRPC component. Evidence is limited, and defenders should verify system logs for potential exploitation attempts.
Official resources
-
CVE-2025-71120 CVE record
CVE.org
-
CVE-2025-71120 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-14T15:16:01.690Z and has not been modified since then.