Null Pointer Dereference Vulnerability in Linux Kernel
CVE-2025-40129

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40129?

A null pointer dereference vulnerability was identified in the Linux kernel, triggered by a zero-length checksum. When checksum.len is zero, xdr_stream_decode_opaque_auth() sets checksum.data to NULL, which can lead to a null pointer dereference in gss_krb5_verify_mic_v2(). A patch has been issued to ensure that checksum.len is never less than XDR_UNIT, thereby mitigating this risk.
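The following is an added example, a simplified userspace model of the pattern described above and not the kernel's code or its patch. The `model_*` names, the struct layout and the placement of the length check inside the verifier are assumptions made for illustration; only `XDR_UNIT` (one 4-byte XDR word) comes from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define XDR_UNIT 4u /* bytes in one XDR word */

/* Hypothetical stand-in for the decoded checksum: a length/pointer pair. */
struct model_checksum {
    uint32_t len;
    const uint8_t *data;
};

/* Models the decode step: a zero length field yields data == NULL. */
int model_decode_opaque(const uint8_t *buf, size_t n, struct model_checksum *out)
{
    uint32_t len;
    if (n < XDR_UNIT) return -1; /* no room for the length word */
    len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
          ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (len > n - XDR_UNIT) return -1; /* length runs past the buffer */
    out->len = len;
    out->data = len ? buf + XDR_UNIT : NULL;
    return 0;
}

/* Stand-in verifier: reads the first XDR_UNIT bytes of the checksum.
 * The length check is the guard; without it, data may be NULL here. */
int model_verify_mic(const struct model_checksum *ck)
{
    int sum = 0;
    if (ck->len < XDR_UNIT) return -1; /* reject before any dereference */
    for (size_t i = 0; i < XDR_UNIT; i++)
        sum += ck->data[i];
    return sum;
}

/* Decode, then verify; returns -1 on any rejection. */
int model_process(const uint8_t *buf, size_t n)
{
    struct model_checksum ck;
    if (model_decode_opaque(buf, n, &ck) != 0) return -1;
    return model_verify_mic(&ck);
}

int main(void)
{
    const uint8_t empty[] = {0, 0, 0, 0}; /* constructed: zero-length checksum */
    printf("zero-length checksum -> %d\n", model_process(empty, sizeof(empty)));
    return 0;
}
```
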

Affected Version(s)

Linux 0653028e8f1c97fec30710813a001ad8a2ec34f4 < 81cec07d303186d0d8c623ef8b5ecd3b81e94cf6

Linux 0653028e8f1c97fec30710813a001ad8a2ec34f4

Timeline

  • Vulnerability published

  • Vulnerability Reserved
