CVE-2025-40129 sunrpc: fix null pointer dereference on zero-length checksum

🗓️ 12 Nov 2025 10:23:21Reported by LinuxType

Linux kernel sunrpc fix null pointer dereference by requiring checksum length not less than an XDR unit.

Reporter	Title	Published	Views	Family All 305
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1254)	28 Oct 202500:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025:20172-1)	24 Dec 202500:00	–	nessus
Tenable Nessus	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50261)	12 May 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50271)	14 May 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50280)	22 May 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50294)	4 Jun 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50305)	9 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:4393-1)	16 Dec 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:4422-1)	18 Dec 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:4505-1)	24 Dec 202500:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sunrpc/auth_gss/svcauth_gss.c"
    ],
    "versions": [
      {
        "version": "0653028e8f1c97fec30710813a001ad8a2ec34f4",
        "lessThan": "81cec07d303186d0d8c623ef8b5ecd3b81e94cf6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0653028e8f1c97fec30710813a001ad8a2ec34f4",
        "lessThan": "affc03d44921f493deaae1d33151e3067a6f9f8f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0653028e8f1c97fec30710813a001ad8a2ec34f4",
        "lessThan": "ab9a70cd2386a0d70c164b0905dd66bc9af52e77",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0653028e8f1c97fec30710813a001ad8a2ec34f4",
        "lessThan": "6df164e29bd4e6505c5a2e0e5f1e1f6957a16a42",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sunrpc/auth_gss/svcauth_gss.c"
    ],
    "versions": [
      {
        "version": "6.3",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.3",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.112",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.53",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17.3",
        "lessThanOrEqual": "6.17.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/81cec07d303186d0d8c623ef8b5ecd3b81e94cf6
git	www.git.kernel.org/stable/c/6df164e29bd4e6505c5a2e0e5f1e1f6957a16a42
git	www.git.kernel.org/stable/c/ab9a70cd2386a0d70c164b0905dd66bc9af52e77
git	www.git.kernel.org/stable/c/affc03d44921f493deaae1d33151e3067a6f9f8f

11 May 2026 21:43Current

EPSS0.00174