Linux Kernel Acct System Call NULL Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's acct system call can lead to a NULL dereference. This issue occurs when the acct system call is directed to write to a file that requires an internal lookup, such as /sys/power/resume. When the write operation is performed, the calling task has already exited and released its file system resources, causing the lookup to dereference a NULL pointer. The vulnerability has been addressed by modifying the code to perform the final write from a workqueue using the caller's credentials, thereby maintaining the existing permission model with minimal risk of regression.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, which can lead to a system crash or undefined behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Acct System Call NULL Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating