CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> acct: perform last write from workqueue<br /> <br /> In [1] it was reported that the acct(2) system call can be used to<br /> trigger NULL deref in cases where it is set to write to a file that<br /> triggers an internal lookup. This can e.g., happen when pointing acc(2)<br /> to /sys/power/resume. At the point the where the write to this file<br /> happens the calling task has already exited and called exit_fs(). A<br /> lookup will thus trigger a NULL-deref when accessing current-&gt;fs.<br /> <br /> Reorganize the code so that the the final write happens from the<br /> workqueue but with the caller&amp;#39;s credentials. This preserves the<br /> (strange) permission model and has almost no regression risk.<br /> <br /> This api should stop to exist though.