Lucene search
K

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987380)

🗓️ 07 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 1 Views

Unity Linux kernel fix for radeon delayed flush to prevent lockup when suspending in d3hot state.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(269124);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/15");

  script_cve_id("CVE-2022-48704");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987380)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-987380 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    drm/radeon: add a force flush to delay work when radeon

    Although radeon card fence and wait for gpu to finish processing current batch rings,
    there is still a corner case that radeon lockup work queue may not be fully flushed,
    and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to
    put device in D3hot state.
    Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.
    > Configuration and Message requests are the only TLPs accepted by a Function in
    > the D3hot state. All other received Requests must be handled as Unsupported Requests,
    > and all received Completions may optionally be handled as Unexpected Completions.
    This issue will happen in following logs:
    Unable to handle kernel paging request at virtual address 00008800e0008010
    CPU 0 kworker/0:3(131): Oops 0
    pc = [<ffffffff811bea5c>]  ra = [<ffffffff81240844>]  ps = 0000 Tainted: G        W
    pc is at si_gpu_check_soft_reset+0x3c/0x240
    ra is at si_dma_is_lockup+0x34/0xd0
    v0 = 0000000000000000  t0 = fff08800e0008010  t1 = 0000000000010000
    t2 = 0000000000008010  t3 = fff00007e3c00000  t4 = fff00007e3c00258
    t5 = 000000000000ffff  t6 = 0000000000000001  t7 = fff00007ef078000
    s0 = fff00007e3c016e8  s1 = fff00007e3c00000  s2 = fff00007e3c00018
    s3 = fff00007e3c00000  s4 = fff00007fff59d80  s5 = 0000000000000000
    s6 = fff00007ef07bd98
    a0 = fff00007e3c00000  a1 = fff00007e3c016e8  a2 = 0000000000000008
    a3 = 0000000000000001  a4 = 8f5c28f5c28f5c29  a5 = ffffffff810f4338
    t8 = 0000000000000275  t9 = ffffffff809b66f8  t10 = ff6769c5d964b800
    t11= 000000000000b886  pv = ffffffff811bea20  at = 0000000000000000
    gp = ffffffff81d89690  sp = 00000000aa814126
    Disabling lock debugging due to kernel taint
    Trace:
    [<ffffffff81240844>] si_dma_is_lockup+0x34/0xd0
    [<ffffffff81119610>] radeon_fence_check_lockup+0xd0/0x290
    [<ffffffff80977010>] process_one_work+0x280/0x550
    [<ffffffff80977350>] worker_thread+0x70/0x7c0
    [<ffffffff80977410>] worker_thread+0x130/0x7c0
    [<ffffffff80982040>] kthread+0x200/0x210
    [<ffffffff809772e0>] worker_thread+0x0/0x7c0
    [<ffffffff80981f8c>] kthread+0x14c/0x210
    [<ffffffff80911658>] ret_from_kernel_thread+0x18/0x20
    [<ffffffff80981e40>] kthread+0x0/0x210
     Code: ad3e0008  43f0074a  ad7e0018  ad9e0020  8c3001e8  40230101
     <88210000> 4821ed21
    So force lockup work queue flush to fix this problem.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-987380
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?993c3b2c");
  # https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48704-e1ea@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e6859b13");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-48704");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-48704");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-74.16', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Oct 2025 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.15.5
EPSS0.00238
SSVC
1