Lucene search
K

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993233)

🗓️ 31 Dec 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Fixed Linux kernel RDMA mad timeout handling to reduce lock contention and avoid soft lockups.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(281136);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/31");

  script_cve_id("CVE-2024-50095");

  script_name(english:"Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993233)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-993233 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    RDMA/mad: Improve handling of timed out WRs of mad agent

    Current timeout handler of mad agent acquires/releases mad_agent_priv
    lock for every timed out WRs. This causes heavy locking contention
    when higher no. of WRs are to be handled inside timeout handler.

    This leads to softlockup with below trace in some use cases where
    rdma-cm path is used to establish connection between peer nodes

    Trace:
    -----
     BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767]
     CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE
         -------  ---  5.14.0-427.13.1.el9_4.x86_64 #1
     Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019
     Workqueue: ib_mad1 timeout_sends [ib_core]
     RIP: 0010:__do_softirq+0x78/0x2ac
     RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246
     RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f
     RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b
     RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000
     R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000
     R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040
     FS:  0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000
     CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
     CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0
     DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
     DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
     PKRU: 55555554
     Call Trace:
      <IRQ>
      ? show_trace_log_lvl+0x1c4/0x2df
      ? show_trace_log_lvl+0x1c4/0x2df
      ? __irq_exit_rcu+0xa1/0xc0
      ? watchdog_timer_fn+0x1b2/0x210
      ? __pfx_watchdog_timer_fn+0x10/0x10
      ? __hrtimer_run_queues+0x127/0x2c0
      ? hrtimer_interrupt+0xfc/0x210
      ? __sysvec_apic_timer_interrupt+0x5c/0x110
      ? sysvec_apic_timer_interrupt+0x37/0x90
      ? asm_sysvec_apic_timer_interrupt+0x16/0x20
      ? __do_softirq+0x78/0x2ac
      ? __do_softirq+0x60/0x2ac
      __irq_exit_rcu+0xa1/0xc0
      sysvec_call_function_single+0x72/0x90
      </IRQ>
      <TASK>
      asm_sysvec_call_function_single+0x16/0x20
     RIP: 0010:_raw_spin_unlock_irq+0x14/0x30
     RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247
     RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800
     RDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c
     RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000
     R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538
     R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c
      cm_process_send_error+0x122/0x1d0 [ib_cm]
      timeout_sends+0x1dd/0x270 [ib_core]
      process_one_work+0x1e2/0x3b0
      ? __pfx_worker_thread+0x10/0x10
      worker_thread+0x50/0x3a0
      ? __pfx_worker_thread+0x10/0x10
      kthread+0xdd/0x100
      ? __pfx_kthread+0x10/0x10
      ret_from_fork+0x29/0x50
      </TASK>

    Simplified timeout handler by creating local list of timed out WRs
    and invoke send handler post creating the list. The new method acquires/
    releases lock once to fetch the list and hence helps to reduce locking
    contetiong when processing higher no. of WRs

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-993233
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7bd1f2eb");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-50095");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-50095");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1060a|20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060a / 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1060a',
    'pkgs': [
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

31 Dec 2025 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.5
EPSS0.00261
SSVC
3