In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f] CREATE(Triage):(User=admin) [CVE-2024-36288 (https://nvd.nist.gov/vuln/detail/CVE-2024-36288)
