Lucene search
K

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987229)

🗓️ 07 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Unity Linux 20 kernel security update fixes net/sched fq_pie dismantle bug and rcu stall.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(269154);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/15");

  script_cve_id("CVE-2021-47512");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987229)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-987229 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    net/sched: fq_pie: prevent dismantle issue

    For some reason, fq_pie_destroy() did not copy
    working code from pie_destroy() and other qdiscs,
    thus causing elusive bug.

    Before calling del_timer_sync(&q->adapt_timer),
    we need to ensure timer will not rearm itself.

    rcu: INFO: rcu_preempt self-detected stall on CPU
    rcu:    0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579
            (t=10501 jiffies g=13085 q=3989)
    NMI backtrace for cpu 0
    CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     <IRQ>
     __dump_stack lib/dump_stack.c:88 [inline]
     dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
     nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
     nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
     trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
     rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343
     print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
     check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]
     rcu_pending kernel/rcu/tree.c:3878 [inline]
     rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597
     update_process_times+0x16d/0x200 kernel/time/timer.c:1785
     tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
     tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428
     __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
     __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
     hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
     local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
     __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
     sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097
     </IRQ>
     <TASK>
     asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
    RIP: 0010:write_comp_data kernel/kcov.c:221 [inline]
    RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273
    Code: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02
    00 48 89 ce 4c 8b 54 24 08 <e8> 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00
    RSP: 0018:ffffc90000d27b28 EFLAGS: 00000246
    RAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000
    RDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003
    RBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000
    R10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000
    R13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000
     pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418
     fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383
     call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
     expire_timers kernel/time/timer.c:1466 [inline]
     __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734
     __run_timers kernel/time/timer.c:1715 [inline]
     run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
     __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
     run_ksoftirqd kernel/softirq.c:921 [inline]
     run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913
     smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164
     kthread+0x405/0x4f0 kernel/kthread.c:327
     ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
     </TASK>

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-987229
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6baf017");
  # https://lore.kernel.org/linux-cve-announce/2024052430-CVE-2021-47512-4d70@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?58f12b3c");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2021-47512");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-47512");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Oct 2025 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.15.5
EPSS0.00236
SSVC
4