CVE-2025-40129
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40129
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40129.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40129
- Downstream
- Published
- 2025-11-12T10:23:21.327Z
- Modified
- 2025-11-28T02:34:08.327097Z
- Summary
- sunrpc: fix null pointer dereference on zero-length checksum
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: fix null pointer dereference on zero-length checksum
In xdrstreamdecodeopaqueauth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gsskrb5verifymicv2(). This patch ensures that the value of checksum.len is not less than XDR_UNIT.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40129.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/6df164e29bd4e6505c5a2e0e5f1e1f6957a16a42
- https://git.kernel.org/stable/c/81cec07d303186d0d8c623ef8b5ecd3b81e94cf6
- https://git.kernel.org/stable/c/ab9a70cd2386a0d70c164b0905dd66bc9af52e77
- https://git.kernel.org/stable/c/affc03d44921f493deaae1d33151e3067a6f9f8f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40129.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40129
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0653028e8f1c97fec30710813a001ad8a2ec34f4Fixed81cec07d303186d0d8c623ef8b5ecd3b81e94cf6Fixedaffc03d44921f493deaae1d33151e3067a6f9f8fFixedab9a70cd2386a0d70c164b0905dd66bc9af52e77Fixed6df164e29bd4e6505c5a2e0e5f1e1f6957a16a42