Lucene search
K

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005020)

🗓️ 27 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Unity Linux kernel security update fixes cpufreq governor release of dbs_data to prevent calltrace.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(296717);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/27");

  script_cve_id("CVE-2022-49513");

  script_name(english:"Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005020)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-005020 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    cpufreq: governor: Use kobject release() method to free dbs_data

    The struct dbs_data embeds a struct gov_attr_set and
    the struct gov_attr_set embeds a kobject. Since every kobject must have
    a release() method and we can't use kfree() to free it directly,
    so introduce cpufreq_dbs_data_release() to release the dbs_data via
    the kobject::release() method. This fixes the calltrace like below:

      ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x34
      WARNING: CPU: 12 PID: 810 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100
      Modules linked in:
      CPU: 12 PID: 810 Comm: sh Not tainted 5.16.0-next-20220120-yocto-standard+ #536
      Hardware name: Marvell OcteonTX CN96XX board (DT)
      pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
      pc : debug_print_object+0xb8/0x100
      lr : debug_print_object+0xb8/0x100
      sp : ffff80001dfcf9a0
      x29: ffff80001dfcf9a0 x28: 0000000000000001 x27: ffff0001464f0000
      x26: 0000000000000000 x25: ffff8000090e3f00 x24: ffff80000af60210
      x23: ffff8000094dfb78 x22: ffff8000090e3f00 x21: ffff0001080b7118
      x20: ffff80000aeb2430 x19: ffff800009e8f5e0 x18: 0000000000000000
      x17: 0000000000000002 x16: 00004d62e58be040 x15: 013590470523aff8
      x14: ffff8000090e1828 x13: 0000000001359047 x12: 00000000f5257d14
      x11: 0000000000040591 x10: 0000000066c1ffea x9 : ffff8000080d15e0
      x8 : ffff80000a1765a8 x7 : 0000000000000000 x6 : 0000000000000001
      x5 : ffff800009e8c000 x4 : ffff800009e8c760 x3 : 0000000000000000
      x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0001474ed040
      Call trace:
       debug_print_object+0xb8/0x100
       __debug_check_no_obj_freed+0x1d0/0x25c
       debug_check_no_obj_freed+0x24/0xa0
       kfree+0x11c/0x440
       cpufreq_dbs_governor_exit+0xa8/0xac
       cpufreq_exit_governor+0x44/0x90
       cpufreq_set_policy+0x29c/0x570
       store_scaling_governor+0x110/0x154
       store+0xb0/0xe0
       sysfs_kf_write+0x58/0x84
       kernfs_fop_write_iter+0x12c/0x1c0
       new_sync_write+0xf0/0x18c
       vfs_write+0x1cc/0x220
       ksys_write+0x74/0x100
       __arm64_sys_write+0x28/0x3c
       invoke_syscall.constprop.0+0x58/0xf0
       do_el0_svc+0x70/0x170
       el0_svc+0x54/0x190
       el0t_64_sync_handler+0xa4/0x130
       el0t_64_sync+0x1a0/0x1a4
      irq event stamp: 189006
      hardirqs last  enabled at (189005): [<ffff8000080849d0>] finish_task_switch.isra.0+0xe0/0x2c0
      hardirqs last disabled at (189006): [<ffff8000090667a4>] el1_dbg+0x24/0xa0
      softirqs last  enabled at (188966): [<ffff8000080106d0>] __do_softirq+0x4b0/0x6a0
      softirqs last disabled at (188957): [<ffff80000804a618>] __irq_exit_rcu+0x108/0x1a4

    [ rjw: Because can be freed by the gov_attr_set_put() in
      cpufreq_dbs_governor_exit() now, it is also necessary to put the
      invocation of the governor ->exit() callback into the new
      cpufreq_dbs_data_release() function. ]

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-005020
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77593d1b");
  # https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2022-49513-f147@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83af3a86");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-49513");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-49513");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Jan 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.15.5
EPSS0.00249
3