Lucene search
K

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986593)

🗓️ 07 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Unity Linux 20 kernel security update fixes f2fs panic when extent_tree is not created.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(268972);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/15");

  script_cve_id("CVE-2022-48877");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986593)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-986593 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    f2fs: let's avoid panic if extent_tree is not created

    This patch avoids the below panic.

    pc : __lookup_extent_tree+0xd8/0x760
    lr : f2fs_do_write_data_page+0x104/0x87c
    sp : ffffffc010cbb3c0
    x29: ffffffc010cbb3e0 x28: 0000000000000000
    x27: ffffff8803e7f020 x26: ffffff8803e7ed40
    x25: ffffff8803e7f020 x24: ffffffc010cbb460
    x23: ffffffc010cbb480 x22: 0000000000000000
    x21: 0000000000000000 x20: ffffffff22e90900
    x19: 0000000000000000 x18: ffffffc010c5d080
    x17: 0000000000000000 x16: 0000000000000020
    x15: ffffffdb1acdbb88 x14: ffffff888759e2b0
    x13: 0000000000000000 x12: ffffff802da49000
    x11: 000000000a001200 x10: ffffff8803e7ed40
    x9 : ffffff8023195800 x8 : ffffff802da49078
    x7 : 0000000000000001 x6 : 0000000000000000
    x5 : 0000000000000006 x4 : ffffffc010cbba28
    x3 : 0000000000000000 x2 : ffffffc010cbb480
    x1 : 0000000000000000 x0 : ffffff8803e7ed40
    Call trace:
     __lookup_extent_tree+0xd8/0x760
     f2fs_do_write_data_page+0x104/0x87c
     f2fs_write_single_data_page+0x420/0xb60
     f2fs_write_cache_pages+0x418/0xb1c
     __f2fs_write_data_pages+0x428/0x58c
     f2fs_write_data_pages+0x30/0x40
     do_writepages+0x88/0x190
     __writeback_single_inode+0x48/0x448
     writeback_sb_inodes+0x468/0x9e8
     __writeback_inodes_wb+0xb8/0x2a4
     wb_writeback+0x33c/0x740
     wb_do_writeback+0x2b4/0x400
     wb_workfn+0xe4/0x34c
     process_one_work+0x24c/0x5bc
     worker_thread+0x3e8/0xa50
     kthread+0x150/0x1b4

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-986593
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27b8b0b");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-48877");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-48877");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2403.3.0.0270.103.002', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2403.3.0.0270.103.002', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2403.3.0.0270.103.002', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Oct 2025 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.15.5
EPSS0.0024
SSVC
2