
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993271)

🗓️ 31 Dec 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

The Unity Linux kernel update fixes a soft lockup in the npcm i2c driver by disabling the interrupt enable bit before devm_request_irq is called.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration pass: when the scanner loads the plugin with `description` set,
# only the metadata below is declared and the script exits (exit(0) at the end
# of this block) before any host data is read.
if (description)
{
  script_id(281095);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/31");

  # Single CVE covered by this plugin; it is also the stated source of the CVSS scores below.
  script_cve_id("CVE-2025-21878");

  script_name(english:"Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993271)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  # Advisory text. Its closing paragraph states that the finding relies on the
  # self-reported package version, not on a test for the issue itself.
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2025-993271 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    i2c: npcm: disable interrupt enable bit before devm_request_irq

    The customer reports that there is a soft lockup issue related to
    the i2c driver. After checking, the i2c module was doing a tx transfer
    and the bmc machine reboots in the middle of the i2c transaction, the i2c
    module keeps the status without being reset.

    Due to such an i2c module status, the i2c irq handler keeps getting
    triggered since the i2c irq handler is registered in the kernel booting
    process after the bmc machine is doing a warm rebooting.
    The continuous triggering is stopped by the soft lockup watchdog timer.

    Disable the interrupt enable bit in the i2c module before calling
    devm_request_irq to fix this issue since the i2c relative status bit
    is read-only.

    Here is the soft lockup log.
    [   28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]
    [   28.183351] Modules linked in:
    [   28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1
    [   28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    [   28.208128] pc : __do_softirq+0xb0/0x368
    [   28.212055] lr : __do_softirq+0x70/0x368
    [   28.215972] sp : ffffff8035ebca00
    [   28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780
    [   28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0
    [   28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b
    [   28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff
    [   28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000
    [   28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2
    [   28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250
    [   28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434
    [   28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198
    [   28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40
    [   28.290611] Call trace:
    [   28.293052]  __do_softirq+0xb0/0x368
    [   28.296625]  __irq_exit_rcu+0xe0/0x100
    [   28.300374]  irq_exit+0x14/0x20
    [   28.303513]  handle_domain_irq+0x68/0x90
    [   28.307440]  gic_handle_irq+0x78/0xb0
    [   28.311098]  call_on_irq_stack+0x20/0x38
    [   28.315019]  do_interrupt_handler+0x54/0x5c
    [   28.319199]  el1_interrupt+0x2c/0x4c
    [   28.322777]  el1h_64_irq_handler+0x14/0x20
    [   28.326872]  el1h_64_irq+0x74/0x78
    [   28.330269]  __setup_irq+0x454/0x780
    [   28.333841]  request_threaded_irq+0xd0/0x1b4
    [   28.338107]  devm_request_threaded_irq+0x84/0x100
    [   28.342809]  npcm_i2c_probe_bus+0x188/0x3d0
    [   28.346990]  platform_probe+0x6c/0xc4
    [   28.350653]  really_probe+0xcc/0x45c
    [   28.354227]  __driver_probe_device+0x8c/0x160
    [   28.358578]  driver_probe_device+0x44/0xe0
    [   28.362670]  __driver_attach+0x124/0x1d0
    [   28.366589]  bus_for_each_dev+0x7c/0xe0
    [   28.370426]  driver_attach+0x28/0x30
    [   28.373997]  bus_add_driver+0x124/0x240
    [   28.377830]  driver_register+0x7c/0x124
    [   28.381662]  __platform_driver_register+0x2c/0x34
    [   28.386362]  npcm_i2c_init+0x3c/0x5c
    [   28.389937]  do_one_initcall+0x74/0x230
    [   28.393768]  kernel_init_freeable+0x24c/0x2b4
    [   28.398126]  kernel_init+0x28/0x130
    [   28.401614]  ret_from_fork+0x10/0x20
    [   28.405189] Kernel panic - not syncing: softlockup: hung tasks
    [   28.411011] SMP: stopping secondary CPUs
    [   28.414933] Kernel Offset: disabled
    [   28.418412] CPU features: 0x00000000,00000802
    [   28.427644] Rebooting in 20 seconds..

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # References. The www.nessus.org/u? values are short links; the comment above
  # each one records the URL it is expected to resolve to.
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2025-993271
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc22436c");
  # https://lore.kernel.org/linux-cve-announce/2025032711-CVE-2025-21878-3c82@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?913c869c");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2025-21878");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  # Both base vectors describe a local, authenticated, availability-only impact
  # (AV:L, confidentiality and integrity set to none, availability complete/high).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-21878");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/31");

  # "local" plugin type: the check works from data collected on the host rather
  # than from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling prerequisites: the dependency script and the KB entries that must exist.
  # NOTE(review): the check body also reads installed_os/local/SSH/0/* entries that are
  # not listed here - presumably populated by ssh_get_info2.nasl; confirm.
  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  # Metadata is registered; nothing else runs during the registration pass.
  exit(0);
}
include('rpm2.inc');

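# Applicability gates. Each audit() call records why the plugin does not apply to
# this host: local checks off, wrong OS product, unknown or out-of-scope OS
# version, missing RPM list, or an unknown/unsupported CPU architecture.
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# `>!<` is the "substring not found" operator: the product string must contain 'UOS Server'.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');

var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
# The alternation is grouped and the dots are escaped so that the ^ anchor and the
# trailing non-digit guard apply to both releases. Written as
# "^20.1060a|20.1070a([^0-9]|$)", only the first alternative is anchored, only the
# second has the trailing guard, and '.' matches any character, so unrelated
# version strings could pass this gate.
# Assumes the KB version is dotted as in the audit message below - confirm.
if (! preg(pattern:"^20\.(1060a|1070a)([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060a / 20.1070a', 'UOS Server ' + os_version);

# Without the collected RPM list there is nothing to compare package versions against.
if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only the architectures named below are handled; any other value is audited out.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);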


# Fixed-package table: one entry per affected service pack of release 20, each
# listing the kernel reference build per CPU architecture.
# NOTE(review): the 1060a entry has no loongarch64 row although the architecture
# gate earlier in the script accepts loongarch64 - presumably no such build
# exists for 1060a; confirm against the advisory.
var constraints = [
  # Release 20, service pack 1060a
  {
    'release': '20',
    'sp': '1060a',
    'pkgs': [
      {
        'reference': 'kernel-5.10.0-46.38',
        'sp': '1060a',
        'cpu': 'aarch64',
        'rpm_spec_vers_cmp': TRUE
      },
      {
        'reference': 'kernel-5.10.0-46.38',
        'sp': '1060a',
        'cpu': 'amd64',
        'rpm_spec_vers_cmp': TRUE
      },
      {
        'reference': 'kernel-5.10.0-46.38',
        'sp': '1060a',
        'cpu': 'x86_64',
        'rpm_spec_vers_cmp': TRUE
      }
    ]
  },
  # Release 20, service pack 1070a
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {
        'reference': 'kernel-5.10.0-79.5',
        'sp': '1070a',
        'cpu': 'aarch64',
        'rpm_spec_vers_cmp': TRUE
      },
      {
        'reference': 'kernel-5.10.0-79.5',
        'sp': '1070a',
        'cpu': 'amd64',
        'rpm_spec_vers_cmp': TRUE
      },
      {
        'reference': 'kernel-5.10.0-79.5',
        'sp': '1070a',
        'cpu': 'loongarch64',
        'rpm_spec_vers_cmp': TRUE
      },
      {
        'reference': 'kernel-5.10.0-79.5',
        'sp': '1070a',
        'cpu': 'x86_64',
        'rpm_spec_vers_cmp': TRUE
      }
    ]
  }
];

# Release and service pack of the scanned host, as recorded in the KB.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# flag counts the package rows for which rpm_check() reports a hit.
var flag = 0;
var reference, sp, _cpu, el_string, rpm_spec_vers_cmp, epoch, allowmaj, exists_check, cves;

foreach var constraint ( constraints ) {
  # A constraint applies only when its release and service pack (where given)
  # both equal the host's values.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] ) {
    # Reset every per-row field, then copy whichever ones this row defines, so
    # nothing carries over from the previous row.
    reference = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    sp = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    _cpu = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    el_string = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    epoch = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    allowmaj = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    exists_check = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    cves = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];

    # A row without a reference build has nothing to compare.
    if (!reference) continue;
    # When the row names a prerequisite RPM, that RPM must be installed.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;
    # The finding is driven by the installed package version alone.
    if (rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


# Outcome. With no hit, audit either "not affected" (packages were tested) or
# "kernel not installed" (nothing was tested). With a hit, report the finding.
# A hit reflects the rpm_check() package comparison only; per the plugin
# description the issue itself is not tested, so whether the npcm i2c driver is
# present on the host is not established here.
if (!flag)
{
  var tested = pkg_tests_get();
  if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
  else audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}


31 Dec 2025 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.15.5
EPSS0.00129
4