Lucene search
K

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989719)

🗓️ 05 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Unity Linux 20.1070a security update fixes kernel page fault in i915 reset error_state_read pointer offset with no gpu coredump.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(273544);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/05");

  script_cve_id("CVE-2022-49723");

  script_name(english:"Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989719)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-989719 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    drm/i915/reset: Fix error_state_read ptr + offset use

    Fix our pointer offset usage in error_state_read
    when there is no i915_gpu_coredump but buf offset
    is non-zero.

    This fixes a kernel page fault can happen when
    multiple tests are running concurrently in a loop
    and one is producing engine resets and consuming
    the i915 error_state dump while the other is
    forcing full GT resets. (takes a while to trigger).

    The dmesg call trace:

    [ 5590.803000] BUG: unable to handle page fault for address:
                   ffffffffa0b0e000
    [ 5590.803009] #PF: supervisor read access in kernel mode
    [ 5590.803013] #PF: error_code(0x0000) - not-present page
    [ 5590.803016] PGD 5814067 P4D 5814067 PUD 5815063 PMD 109de4067
                   PTE 0
    [ 5590.803022] Oops: 0000 [#1] PREEMPT SMP NOPTI
    [ 5590.803026] CPU: 5 PID: 13656 Comm: i915_hangman Tainted: G U
                        5.17.0-rc5-ups69-guc-err-capt-rev6+ #136
    [ 5590.803033] Hardware name: Intel Corporation Alder Lake Client
                        Platform/AlderLake-M LP4x RVP, BIOS ADLPFWI1.R00.
                        3031.A02.2201171222 01/17/2022
    [ 5590.803039] RIP: 0010:memcpy_erms+0x6/0x10
    [ 5590.803045] Code: fe ff ff cc eb 1e 0f 1f 00 48 89 f8 48 89 d1
                         48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3
                         66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4
                         c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20
                         72 7e 40 38 fe
    [ 5590.803054] RSP: 0018:ffffc90003a8fdf0 EFLAGS: 00010282
    [ 5590.803057] RAX: ffff888107ee9000 RBX: ffff888108cb1a00
                   RCX: 0000000000000f8f
    [ 5590.803061] RDX: 0000000000001000 RSI: ffffffffa0b0e000
                   RDI: ffff888107ee9071
    [ 5590.803065] RBP: 0000000000000000 R08: 0000000000000001
                   R09: 0000000000000001
    [ 5590.803069] R10: 0000000000000001 R11: 0000000000000002
                   R12: 0000000000000019
    [ 5590.803073] R13: 0000000000174fff R14: 0000000000001000
                   R15: ffff888107ee9000
    [ 5590.803077] FS: 00007f62a99bee80(0000) GS:ffff88849f880000(0000)
                   knlGS:0000000000000000
    [ 5590.803082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 5590.803085] CR2: ffffffffa0b0e000 CR3: 000000010a1a8004
                   CR4: 0000000000770ee0
    [ 5590.803089] PKRU: 55555554
    [ 5590.803091] Call Trace:
    [ 5590.803093] <TASK>
    [ 5590.803096] error_state_read+0xa1/0xd0 [i915]
    [ 5590.803175] kernfs_fop_read_iter+0xb2/0x1b0
    [ 5590.803180] new_sync_read+0x116/0x1a0
    [ 5590.803185] vfs_read+0x114/0x1b0
    [ 5590.803189] ksys_read+0x63/0xe0
    [ 5590.803193] do_syscall_64+0x38/0xc0
    [ 5590.803197] entry_SYSCALL_64_after_hwframe+0x44/0xae
    [ 5590.803201] RIP: 0033:0x7f62aaea5912
    [ 5590.803204] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 5a b9 0c 00 e8 05
                         19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25
                         18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff
                         ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
    [ 5590.803213] RSP: 002b:00007fff5b659ae8 EFLAGS: 00000246
                   ORIG_RAX: 0000000000000000
    [ 5590.803218] RAX: ffffffffffffffda RBX: 0000000000100000
                   RCX: 00007f62aaea5912
    [ 5590.803221] RDX: 000000000008b000 RSI: 00007f62a8c4000f
                   RDI: 0000000000000006
    [ 5590.803225] RBP: 00007f62a8bcb00f R08: 0000000000200010
                   R09: 0000000000101000
    [ 5590.803229] R10: 0000000000000001 R11: 0000000000000246
                   R12: 0000000000000006
    [ 5590.803233] R13: 0000000000075000 R14: 00007f62a8acb010
                   R15: 0000000000200000
    [ 5590.803238] </TASK>
    [ 5590.803240] Modules linked in: i915 ttm drm_buddy drm_dp_helper
                            drm_kms_helper syscopyarea sysfillrect sysimgblt
                            fb_sys_fops prime_numbers nfnetlink br_netfilter
                            overlay mei_pxp mei_hdcp x86_pkg_temp_thermal
                            coretemp kvm_intel snd_hda_codec_hdmi snd_hda_intel

    ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-989719
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?959e26c9");
  # https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49723-ac32@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?897c94b6");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-49723");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-49723");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.4.2', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Nov 2025 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.15.5
EPSS0.00266
6