DEBIAN-CVE-2025-21846

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2025-21846

Downstream

DLA-4178-1 DLA-4193-1 DSA-5900-1

Published: 12 Mar 2025, 10:15

Last modified:15 Jun 2026, 19:05

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Mar 2025, 10:15

Published

Vulnerability first disclosed

15 Jun 2026, 19:05

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•linux
< 5.10.237-1 | < 6.1.133-1 | < 6.12.17-1 | < 6.12.17-1
debian•linux-6.1
< 6.1.137-1~deb11u1

References (1)

https://security-tracker.debian.org/tracker/CVE-2025-21846