Lucene search
K

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992549)

🗓️ 30 Dec 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

Security update fixes crypto: hisilicon/sec sleeping in softirq during kunpeng920 encryption.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(280217);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/30");

  script_cve_id("CVE-2022-50171");

  script_name(english:"Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992549)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-992549 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    crypto: hisilicon/sec - don't sleep when in softirq

    When kunpeng920 encryption driver is used to deencrypt and decrypt
    packets during the softirq, it is not allowed to use mutex lock. The
    kernel will report the following error:

    BUG: scheduling while atomic: swapper/57/0/0x00000300
    Call trace:
    dump_backtrace+0x0/0x1e4
    show_stack+0x20/0x2c
    dump_stack+0xd8/0x140
    __schedule_bug+0x68/0x80
    __schedule+0x728/0x840
    schedule+0x50/0xe0
    schedule_preempt_disabled+0x18/0x24
    __mutex_lock.constprop.0+0x594/0x5dc
    __mutex_lock_slowpath+0x1c/0x30
    mutex_lock+0x50/0x60
    sec_request_init+0x8c/0x1a0 [hisi_sec2]
    sec_process+0x28/0x1ac [hisi_sec2]
    sec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2]
    sec_skcipher_encrypt+0x1c/0x30 [hisi_sec2]
    crypto_skcipher_encrypt+0x2c/0x40
    crypto_authenc_encrypt+0xc8/0xfc [authenc]
    crypto_aead_encrypt+0x2c/0x40
    echainiv_encrypt+0x144/0x1a0 [echainiv]
    crypto_aead_encrypt+0x2c/0x40
    esp_output_tail+0x348/0x5c0 [esp4]
    esp_output+0x120/0x19c [esp4]
    xfrm_output_one+0x25c/0x4d4
    xfrm_output_resume+0x6c/0x1fc
    xfrm_output+0xac/0x3c0
    xfrm4_output+0x64/0x130
    ip_build_and_send_pkt+0x158/0x20c
    tcp_v4_send_synack+0xdc/0x1f0
    tcp_conn_request+0x7d0/0x994
    tcp_v4_conn_request+0x58/0x6c
    tcp_v6_conn_request+0xf0/0x100
    tcp_rcv_state_process+0x1cc/0xd60
    tcp_v4_do_rcv+0x10c/0x250
    tcp_v4_rcv+0xfc4/0x10a4
    ip_protocol_deliver_rcu+0xf4/0x200
    ip_local_deliver_finish+0x58/0x70
    ip_local_deliver+0x68/0x120
    ip_sublist_rcv_finish+0x70/0x94
    ip_list_rcv_finish.constprop.0+0x17c/0x1d0
    ip_sublist_rcv+0x40/0xb0
    ip_list_rcv+0x140/0x1dc
    __netif_receive_skb_list_core+0x154/0x28c
    __netif_receive_skb_list+0x120/0x1a0
    netif_receive_skb_list_internal+0xe4/0x1f0
    napi_complete_done+0x70/0x1f0
    gro_cell_poll+0x9c/0xb0
    napi_poll+0xcc/0x264
    net_rx_action+0xd4/0x21c
    __do_softirq+0x130/0x358
    irq_exit+0x11c/0x13c
    __handle_domain_irq+0x88/0xf0
    gic_handle_irq+0x78/0x2c0
    el1_irq+0xb8/0x140
    arch_cpu_idle+0x18/0x40
    default_idle_call+0x5c/0x1c0
    cpuidle_idle_call+0x174/0x1b0
    do_idle+0xc8/0x160
    cpu_startup_entry+0x30/0x11c
    secondary_start_kernel+0x158/0x1e4
    softirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with
    preempt_count 00000100, exited with fffffe00?

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-992549
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0634ffc");
  # https://lore.kernel.org/linux-cve-announce/2025061829-CVE-2022-50171-733e@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?67a42f88");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-50171");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-50171");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1060e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1060e',
    'pkgs': [
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Dec 2025 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.15.5
EPSS0.00128
9