CVE-2025-21846: acct: perform last write from workqueue
First published: Wed Mar 12 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=2.6.12<6.1.130 | |
| Linux Kernel | >=6.2<6.6.80 | |
| Linux Kernel | >=6.7<6.12.17 | |
| Linux Kernel | >=6.13<6.13.5 | |
| Linux Kernel | =6.14-rc1 | |
| Linux Kernel | =6.14-rc2 | |
| Linux Kernel | =6.14-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/5ee8da9bea70dda492d61f075658939af33d8410
- https://git.kernel.org/stable/c/5c928e14a2ccd99462f2351ead627b58075bb736
- https://git.kernel.org/stable/c/5a59ced8ffc71973d42c82484a719c8f6ac8f7f7
- https://git.kernel.org/stable/c/a8136afca090412a36429cb6c2543c714d9c0f84
- https://git.kernel.org/stable/c/56d5f3eba3f5de0efdd556de4ef381e109b973a9
- https://git.kernel.org/stable/c/5d5b936cfa4b0d5670ca7420ef165a074bc008eb
- https://git.kernel.org/stable/c/8acbf4a88c6a98c8ed00afd1a7d1abcca9b4735e
- https://git.kernel.org/stable/c/b03782ae707cc45e65242c7cddd8e28f1c22cde5
Frequently Asked Questions
What is the severity of CVE-2025-21846?
CVE-2025-21846 is classified as a high-severity vulnerability due to the potential for NULL dereference leading to application crashes.
What systems are affected by CVE-2025-21846?
CVE-2025-21846 affects the Linux kernel, specifically installations that utilize the acct(2) system call.
How do I fix CVE-2025-21846?
To fix CVE-2025-21846, you should update your Linux kernel to the latest stable version that addresses this vulnerability.
What risks does CVE-2025-21846 pose to my system?
CVE-2025-21846 poses risks of system instability and potential denial of service due to application crashes linked to the NULL dereference.
Has CVE-2025-21846 been mitigated?
Yes, CVE-2025-21846 has been resolved in recent Linux kernel updates, addressing the identified vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/source
- agent/author
- agent/references
- agent/tags
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13
- version/linux kernel/6.14-rc1
- version/linux kernel/6.14-rc2
- version/linux kernel/6.14-rc3