Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987333)

🗓️ 07 Oct 2025 00:00:00Reported by TenableType

Security update fixes kernel tracepoint liveliness for VM-Enter failures by copying string literals.

Reporter	Title	Published	Views	Family All 20
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-002 (ALASKERNEL-5.10-2022-002)	2 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-004 (ALASKERNEL-5.4-2022-004)	2 May 202200:00	–	nessus
Tenable Nessus	TencentOS Server 4: kernel (TSSA-2024:0981)	16 Jun 202500:00	–	nessus
Tenable Nessus	Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988815)	5 Nov 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2021-47262	5 Mar 202500:00	–	nessus
Amazon	Important: kernel	28 Jan 202200:00	–	amazon
Amazon	Important: kernel	28 Jan 202200:00	–	amazon
AstraLinux	Astra Linux - уязвимость в linux, linux-5.10	20 May 202605:53	–	astralinux
CNNVD	Linux kernel 安全漏洞	21 May 202400:00	–	cnnvd
CVE	CVE-2021-47262	21 May 202414:19	–	cve

Source	Link
nessus	www.nessus.org/u
nessus	www.nessus.org/u
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-47262
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(269072);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/15");

  script_cve_id("CVE-2021-47262");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987333)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-987333 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message

    Use the __string() machinery provided by the tracing subystem to make a
    copy of the string literals consumed by the nested VM-Enter failed
    tracepoint.  A complete copy is necessary to ensure that the tracepoint
    can't outlive the data/memory it consumes and deference stale memory.

    Because the tracepoint itself is defined by kvm, if kvm-intel and/or
    kvm-amd are built as modules, the memory holding the string literals
    defined by the vendor modules will be freed when the module is unloaded,
    whereas the tracepoint and its data in the ring buffer will live until
    kvm is unloaded (or indefinitely if kvm is built-in).

    This bug has existed since the tracepoint was added, but was recently
    exposed by a new check in tracing to detect exactly this type of bug.

      fmt: '%s%s
      ' current_buffer: ' vmx_dirty_log_t-140127  [003] ....  kvm_nested_vmenter_failed: '
      WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0
      CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184
      Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014
      RIP: 0010:trace_check_vprintf+0x3be/0x3e0
      Code: <0f> 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20
      RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282
      RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027
      RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8
      RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8
      R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4
      R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000
      FS:  00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0
      Call Trace:
       trace_event_printf+0x5e/0x80
       trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm]
       print_trace_line+0x1dd/0x4e0
       s_show+0x45/0x150
       seq_read_iter+0x2d5/0x4c0
       seq_read+0x106/0x150
       vfs_read+0x98/0x180
       ksys_read+0x5f/0xe0
       do_syscall_64+0x40/0xb0
       entry_SYSCALL_64_after_hwframe+0x44/0xae

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-987333
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e492d58c");
  # https://lore.kernel.org/linux-cve-announce/2024052148-CVE-2021-47262-cf6a@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c3db549");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2021-47262");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-47262");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

15 Oct 2025 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.17.1

EPSS0.00022

SSVC