Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989285)

🗓️ 05 Nov 2025 00:00:00Reported by TenableType

Linux kernel ext4 bug fix prevents BUG_ON in ext4_mb_use_inode_pa during writes.

Reporter	Title	Published	Views	Family All 120
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2-2022-1813 (ALAS-2022-1813)	15 Jul 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-015 (ALASKERNEL-5.10-2022-015)	21 Jul 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2022-002 (ALASKERNEL-5.15-2022-002)	21 Jul 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-028 (ALASKERNEL-5.4-2022-028)	21 Jul 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-1589)	11 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-1590)	11 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1618)	11 Jun 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1635)	11 Jun 202500:00	–	nessus
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus
Tenable Nessus	RHEL 8 : kernel (RHSA-2022:7683)	9 Nov 202200:00	–	nessus

Source	Link
nessus	www.nessus.org/u
nessus	www.nessus.org/u
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-49708
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(272821);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/05");

  script_cve_id("CVE-2022-49708");

  script_name(english:"Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989285)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-989285 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix bug_on ext4_mb_use_inode_pa

    Hulk Robot reported a BUG_ON:
    ==================================================================
    kernel BUG at fs/ext4/mballoc.c:3211!
    [...]
    RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f
    [...]
    Call Trace:
     ext4_mb_new_blocks+0x9df/0x5d30
     ext4_ext_map_blocks+0x1803/0x4d80
     ext4_map_blocks+0x3a4/0x1a10
     ext4_writepages+0x126d/0x2c30
     do_writepages+0x7f/0x1b0
     __filemap_fdatawrite_range+0x285/0x3b0
     file_write_and_wait_range+0xb1/0x140
     ext4_sync_file+0x1aa/0xca0
     vfs_fsync_range+0xfb/0x260
     do_fsync+0x48/0xa0
    [...]
    ==================================================================

    Above issue may happen as follows:
    -------------------------------------
    do_fsync
     vfs_fsync_range
      ext4_sync_file
       file_write_and_wait_range
        __filemap_fdatawrite_range
         do_writepages
          ext4_writepages
           mpage_map_and_submit_extent
            mpage_map_one_extent
             ext4_map_blocks
              ext4_mb_new_blocks
               ext4_mb_normalize_request
                >>> start + size <= ac->ac_o_ex.fe_logical
               ext4_mb_regular_allocator
                ext4_mb_simple_scan_group
                 ext4_mb_use_best_found
                  ext4_mb_new_preallocation
                   ext4_mb_new_inode_pa
                    ext4_mb_use_inode_pa
                     >>> set ac->ac_b_ex.fe_len <= 0
               ext4_mb_mark_diskspace_used
                >>> BUG_ON(ac->ac_b_ex.fe_len <= 0);

    we can easily reproduce this problem with the following commands:
            `fallocate -l100M disk`
            `mkfs.ext4 -b 1024 -g 256 disk`
            `mount disk /mnt`
            `fsstress -d /mnt -l 0 -n 1000 -p 1`

    The size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP.
    Therefore, start + size <= ac->ac_o_ex.fe_logical may occur
    when the size is truncated. So start should be the start position of
    the group where ac_o_ex.fe_logical is located after alignment.
    In addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP
    is very large, the value calculated by start_off is more accurate.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-989285
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a11329c");
  # https://lore.kernel.org/linux-cve-announce/2025022630-CVE-2022-49708-f056@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?67100636");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-49708");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-49708");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

05 Nov 2025 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.15.5

EPSS0.0027