Lucene search
K

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989330)

🗓️ 05 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Linux kernel security update fixes Exynos HDMI DRM safe 640x480 fallback when EDID fails.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(272931);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/05");

  script_cve_id("CVE-2024-40916");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989330)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-989330 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found

    When reading EDID fails and driver reports no modes available, the DRM
    core adds an artificial 1024x786 mode to the connector. Unfortunately
    some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not
    able to drive such mode, so report a safe 640x480 mode instead of nothing
    in case of the EDID reading failure.

    This fixes the following issue observed on Trats2 board since commit
    13d5b040363c (drm/exynos: do not return negative values from .get_modes()):

    [drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations
    exynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)
    exynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)
    exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-
    flags:0x10b)
    exynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)
    exynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)
    [drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1
    exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state
    panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c
    exynos-mixer 12c10000.mixer: timeout waiting for VSYNC
    ------------[ cut here ]------------
    WARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682
    drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8
    [CRTC:70:crtc-1] vblank wait timed out
    Modules linked in:
    CPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913
    Hardware name: Samsung Exynos (Flattened Device Tree)
    Workqueue: events_unbound deferred_probe_work_func
    Call trace:
     unwind_backtrace from show_stack+0x10/0x14
     show_stack from dump_stack_lvl+0x68/0x88
     dump_stack_lvl from __warn+0x7c/0x1c4
     __warn from warn_slowpath_fmt+0x11c/0x1a8
     warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8
     drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c
     drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184
     commit_tail from drm_atomic_helper_commit+0x168/0x190
     drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0
     drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c
     drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc
     drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40
     drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4
     __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c
     drm_fb_helper_set_par from fbcon_init+0x3d8/0x550
     fbcon_init from visual_init+0xc0/0x108
     visual_init from do_bind_con_driver+0x1b8/0x3a4
     do_bind_con_driver from do_take_over_console+0x140/0x1ec
     do_take_over_console from do_fbcon_takeover+0x70/0xd0
     do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac
     fbcon_fb_registered from register_framebuffer+0x190/0x21c
     register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574
     __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0
     exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94
     drm_client_register from exynos_drm_bind+0x160/0x190
     exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8
     try_to_bring_up_aggregate_device from __component_add+0xb0/0x170
     __component_add from mixer_probe+0x74/0xcc
     mixer_probe from platform_probe+0x5c/0xb8
     platform_probe from really_probe+0xe0/0x3d8
     really_probe from __driver_probe_device+0x9c/0x1e4
     __driver_probe_device from driver_probe_device+0x30/0xc0
     driver_probe_device from __device_attach_driver+0xa8/0x120
     __device_attach_driver from bus_for_each_drv+0x80/0xcc
     bus_for_each_drv from __device_attach+0xac/0x1fc
     __device_attach from bus_probe_device+0x8c/0x90
     bus_probe_device from deferred_probe_work_func+0
    ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-989330
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?941ebd2a");
  # https://lore.kernel.org/linux-cve-announce/2024071211-CVE-2024-40916-845e@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02a3d533");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-40916");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-40916");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Nov 2025 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.15.5
EPSS0.00294
SSVC
2