Lucene search
K

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986783)

🗓️ 07 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Unity Linux 20.1070e security update fixes scsi_debug kernel bug by not calling kcalloc with zero size.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(268559);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/15");

  script_cve_id("CVE-2021-47578");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986783)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-986783 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: scsi_debug: Don't call kcalloc() if size arg is zero

    If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR.  Because of
    that, for a following NULL pointer check to work on the returned pointer,
    kcalloc() must not be called with the size arg equal to zero. Return early
    without error before the kcalloc() call if size arg is zero.

    BUG: KASAN: null-ptr-deref in memcpy include/linux/fortify-string.h:191 [inline]
    BUG: KASAN: null-ptr-deref in sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974
    Write of size 4 at addr 0000000000000010 by task syz-executor.1/22789

    CPU: 1 PID: 22789 Comm: syz-executor.1 Not tainted 5.15.0-syzk #1
    Hardware name: Red Hat KVM, BIOS 1.13.0-2
    Call Trace:
     __dump_stack lib/dump_stack.c:88 [inline]
     dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106
     __kasan_report mm/kasan/report.c:446 [inline]
     kasan_report.cold.14+0x112/0x117 mm/kasan/report.c:459
     check_region_inline mm/kasan/generic.c:183 [inline]
     kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189
     memcpy+0x3b/0x60 mm/kasan/shadow.c:66
     memcpy include/linux/fortify-string.h:191 [inline]
     sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974
     do_dout_fetch drivers/scsi/scsi_debug.c:2954 [inline]
     do_dout_fetch drivers/scsi/scsi_debug.c:2946 [inline]
     resp_verify+0x49e/0x930 drivers/scsi/scsi_debug.c:4276
     schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478
     scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533
     scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]
     scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699
     blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639
     __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325
     blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358
     __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761
     __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838
     blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891
     blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474
     blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62
     blk_execute_rq+0xdb/0x360 block/blk-exec.c:102
     sg_scsi_ioctl drivers/scsi/scsi_ioctl.c:621 [inline]
     scsi_ioctl+0x8bb/0x15c0 drivers/scsi/scsi_ioctl.c:930
     sg_ioctl_common+0x172d/0x2710 drivers/scsi/sg.c:1112
     sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165
     vfs_ioctl fs/ioctl.c:51 [inline]
     __do_sys_ioctl fs/ioctl.c:874 [inline]
     __se_sys_ioctl fs/ioctl.c:860 [inline]
     __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x44/0xae

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-986783
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?641c5ce0");
  # https://lore.kernel.org/linux-cve-announce/2024061915-CVE-2021-47578-e81a@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?15b2afaa");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2021-47578");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-47578");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Oct 2025 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.5
EPSS0.00238
SSVC
2