DEBIAN-CVE-2025-40129

DEBIAN-CVE-2025-40129 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gss_krb5_verify_mic_v2(). This patch ensures that the value of checksum.len is not less than XDR_UNIT.

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 6.12.38-1, 6.12.41-1
Debian:14	linux	6.13.10-1~exp1, 6.13.11-1~exp1, 6.13.2-1~exp1

Exploit Intelligence

4081.3.7.yml (github-poc)

Timeline

Nov 12, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-40129 advisory

Open in Interactive Console →