Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's SUNRPC GSS authentication mechanism can lead to a NULL pointer dereference. This issue arises when a zero-length GSS token is processed, resulting in an invalid memory reference. The vulnerability is present in the stable versions of the Linux kernel.
Exploitation of this vulnerability can cause a kernel panic due to a NULL pointer dereference, leading to a denial of service condition.
The vulnerability can be reproduced by sending a zero-length GSS token to a service that uses SUNRPC with GSS authentication. This will cause the 'gss_read_proxy_verf' function to attempt to copy data from the token without checking if the token is valid, leading to a NULL dereference.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.
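The missing validity check described above, shown as a simplified user-space C model. This is an added example, not kernel code and not the upstream patch; `struct model_token`, its page-backed layout and all function names are hypothetical, chosen only to show why a zero-length token must be rejected before its backing storage is touched.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u

/* Hypothetical user-space stand-in for a received token (not a kernel type). */
struct model_token {
    size_t len;             /* payload length claimed by the peer */
    size_t npages;          /* backing pages actually allocated */
    unsigned char **pages;  /* stays NULL when len == 0 */
};

/* Allocate backing pages for len bytes; a zero-length token gets none. */
int model_token_alloc(struct model_token *t, size_t len) {
    t->len = len;
    t->npages = (len + MODEL_PAGE_SIZE - 1) / MODEL_PAGE_SIZE;
    t->pages = NULL;
    if (t->npages == 0)
        return 0;
    t->pages = calloc(t->npages, sizeof(*t->pages));
    if (!t->pages)
        return -ENOMEM;
    for (size_t i = 0; i < t->npages; i++) {
        t->pages[i] = calloc(1, MODEL_PAGE_SIZE);
        if (!t->pages[i])
            return -ENOMEM;  /* caller releases with model_token_free() */
    }
    return 0;
}

void model_token_free(struct model_token *t) {
    for (size_t i = 0; t->pages && i < t->npages; i++)
        free(t->pages[i]);
    free(t->pages);
}

/* Copy the first fragment out of the token. The guard is the point:
 * without it, a zero-length token reaches pages[0] with pages == NULL. */
int model_copy_first(const struct model_token *t, unsigned char *dst, size_t cap) {
    if (t->len == 0 || !t->pages || !t->pages[0])
        return -EINVAL;
    size_t n = t->len < cap ? t->len : cap;
    if (n > MODEL_PAGE_SIZE) n = MODEL_PAGE_SIZE;
    memcpy(dst, t->pages[0], n);
    return (int)n;
}
```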