Логотип exploitDog
bind:"GHSA-wg7v-626p-h26r" OR bind:"CVE-2025-21846"
Консоль
Логотип exploitDog

exploitDog

bind:"GHSA-wg7v-626p-h26r" OR bind:"CVE-2025-21846"

Количество 14

Количество 14

github логотип

GHSA-wg7v-626p-h26r

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
EPSS: Низкий
ubuntu логотип

CVE-2025-21846

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
EPSS: Низкий
redhat логотип

CVE-2025-21846

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
EPSS: Низкий
nvd логотип

CVE-2025-21846

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2025-21846

3 месяца назад

CVSS3: 5.5
EPSS: Низкий
debian логотип

CVE-2025-21846

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: a ...

CVSS3: 5.5
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:1177-1

3 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:1180-1

3 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:1178-1

3 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:1293-1

3 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:01951-1

около 1 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:01967-1

около 1 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:01919-1

около 1 месяца назад

Security update for the Linux Kernel

EPSS: Низкий
oracle-oval логотип

ELSA-2025-20480

4 дня назад

ELSA-2025-20480: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-wg7v-626p-h26r

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
0%
Низкий
4 месяца назад
ubuntu логотип
CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
0%
Низкий
4 месяца назад
redhat логотип
CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
0%
Низкий
4 месяца назад
nvd логотип
CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file that triggers an internal lookup. This can e.g., happen when pointing acc(2) to /sys/power/resume. At the point the where the write to this file happens the calling task has already exited and called exit_fs(). A lookup will thus trigger a NULL-deref when accessing current->fs. Reorganize the code so that the the final write happens from the workqueue but with the caller's credentials. This preserves the (strange) permission model and has almost no regression risk. This api should stop to exist though.

CVSS3: 5.5
0%
Низкий
4 месяца назад
msrc логотип
CVSS3: 5.5
0%
Низкий
3 месяца назад
debian логотип
CVE-2025-21846

In the Linux kernel, the following vulnerability has been resolved: a ...

CVSS3: 5.5
0%
Низкий
4 месяца назад
suse-cvrf логотип
SUSE-SU-2025:1177-1

Security update for the Linux Kernel

3 месяца назад
suse-cvrf логотип
SUSE-SU-2025:1180-1

Security update for the Linux Kernel

3 месяца назад
suse-cvrf логотип
SUSE-SU-2025:1178-1

Security update for the Linux Kernel

3 месяца назад
suse-cvrf логотип
SUSE-SU-2025:1293-1

Security update for the Linux Kernel

3 месяца назад
suse-cvrf логотип
SUSE-SU-2025:01951-1

Security update for the Linux Kernel

около 1 месяца назад
suse-cvrf логотип
SUSE-SU-2025:01967-1

Security update for the Linux Kernel

около 1 месяца назад
suse-cvrf логотип
SUSE-SU-2025:01919-1

Security update for the Linux Kernel

около 1 месяца назад
oracle-oval логотип
ELSA-2025-20480

ELSA-2025-20480: Unbreakable Enterprise kernel security update (IMPORTANT)

4 дня назад

Уязвимостей на страницу