CVE-2025-21846
MEDIUM EPSS 11.3%
Published Mar 12, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Mar 12, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
11.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 7
References 11
- cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- git.kernel.org https://git.kernel.org/stable/c/56d5f3eba3f5de0efdd556de4ef381e109b973a9
- git.kernel.org https://git.kernel.org/stable/c/5a59ced8ffc71973d42c82484a719c8f6ac8f7f7
- git.kernel.org https://git.kernel.org/stable/c/5c928e14a2ccd99462f2351ead627b58075bb736
- git.kernel.org https://git.kernel.org/stable/c/5d5b936cfa4b0d5670ca7420ef165a074bc008eb
- git.kernel.org https://git.kernel.org/stable/c/5ee8da9bea70dda492d61f075658939af33d8410
- git.kernel.org https://git.kernel.org/stable/c/8acbf4a88c6a98c8ed00afd1a7d1abcca9b4735e
- git.kernel.org https://git.kernel.org/stable/c/a8136afca090412a36429cb6c2543c714d9c0f84
- git.kernel.org https://git.kernel.org/stable/c/b03782ae707cc45e65242c7cddd8e28f1c22cde5
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Remediation
- git.kernel.org https://git.kernel.org/stable/c/56d5f3eba3f5de0efdd556de4ef381e109b973a9
- git.kernel.org https://git.kernel.org/stable/c/5a59ced8ffc71973d42c82484a719c8f6ac8f7f7
- git.kernel.org https://git.kernel.org/stable/c/5c928e14a2ccd99462f2351ead627b58075bb736
- git.kernel.org https://git.kernel.org/stable/c/5d5b936cfa4b0d5670ca7420ef165a074bc008eb
- git.kernel.org https://git.kernel.org/stable/c/5ee8da9bea70dda492d61f075658939af33d8410
- git.kernel.org https://git.kernel.org/stable/c/8acbf4a88c6a98c8ed00afd1a7d1abcca9b4735e
- git.kernel.org https://git.kernel.org/stable/c/a8136afca090412a36429cb6c2543c714d9c0f84
- git.kernel.org https://git.kernel.org/stable/c/b03782ae707cc45e65242c7cddd8e28f1c22cde5