VYPR
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026

CVE-2025-40129

CVE-2025-40129

Description

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: fix null pointer dereference on zero-length checksum

In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gss_krb5_verify_mic_v2(). This patch ensures that the value of checksum.len is not less than XDR_UNIT.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

169

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.