Lucene search
K

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006926)

🗓️ 21 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

Linux kernel coresight fix prevents hangs by avoiding runtime PM in atomic context.

Related
Refs
Code
ReporterTitlePublishedViews
Family
AstraLinux
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
19 Jun 202611:10
astralinux
CNNVD
Linux kernel 安全漏洞
4 Oct 202500:00
cnnvd
CVE
CVE-2022-50491
4 Oct 202515:43
cve
Cvelist
CVE-2022-50491 coresight: cti: Fix hang in cti_disable_hw()
4 Oct 202515:43
cvelist
Debian CVE
CVE-2022-50491
4 Oct 202515:43
debiancve
NVD
CVE-2022-50491
4 Oct 202516:15
nvd
OSV
CVE-2022-50491 coresight: cti: Fix hang in cti_disable_hw()
4 Oct 202515:43
osv
OSV
DEBIAN-CVE-2022-50491
4 Oct 202516:15
osv
OSV
RHSA-2025:6966 Red Hat Security Advisory: kernel security update
14 May 202510:05
osv
OSV
UBUNTU-CVE-2022-50491
4 Oct 202516:15
osv
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(308241);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2022-50491");

  script_name(english:"Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006926)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-006926 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    coresight: cti: Fix hang in cti_disable_hw()

    cti_enable_hw() and cti_disable_hw() are called from an atomic context
    so shouldn't use runtime PM because it can result in a sleep when
    communicating with firmware.

    Since commit 3c6656337852 (Revert firmware: arm_scmi: Add clock
    management to the SCMI power domain), this causes a hang on Juno when
    running the Perf Coresight tests or running this command:

      perf record -e cs_etm//u -- ls

    This was also missed until the revert commit because pm_runtime_put()
    was called with the wrong device until commit 692c9a499b28 (coresight:
    cti: Correct the parameter for pm_runtime_put)

    With lock and scheduler debugging enabled the following is output:

       coresight cti_sys0: cti_enable_hw -- dev:cti_sys0  parent: 20020000.cti
       BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1151
       in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 330, name: perf-exec
       preempt_count: 2, expected: 0
       RCU nest depth: 0, expected: 0
       INFO: lockdep is turned off.
       irq event stamp: 0
       hardirqs last  enabled at (0): [<0000000000000000>] 0x0
       hardirqs last disabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948
       softirqs last  enabled at (0): [<ffff80000822b394>] copy_process+0xa0c/0x1948
       softirqs last disabled at (0): [<0000000000000000>] 0x0
       CPU: 3 PID: 330 Comm: perf-exec Not tainted 6.0.0-00053-g042116d99298 #7
       Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Sep 13
    2022
       Call trace:
        dump_backtrace+0x134/0x140
        show_stack+0x20/0x58
        dump_stack_lvl+0x8c/0xb8
        dump_stack+0x18/0x34
        __might_resched+0x180/0x228
        __might_sleep+0x50/0x88
        __pm_runtime_resume+0xac/0xb0
        cti_enable+0x44/0x120
        coresight_control_assoc_ectdev+0xc0/0x150
        coresight_enable_path+0xb4/0x288
        etm_event_start+0x138/0x170
        etm_event_add+0x48/0x70
        event_sched_in.isra.122+0xb4/0x280
        merge_sched_in+0x1fc/0x3d0
        visit_groups_merge.constprop.137+0x16c/0x4b0
        ctx_sched_in+0x114/0x1f0
        perf_event_sched_in+0x60/0x90
        ctx_resched+0x68/0xb0
        perf_event_exec+0x138/0x508
        begin_new_exec+0x52c/0xd40
        load_elf_binary+0x6b8/0x17d0
        bprm_execve+0x360/0x7f8
        do_execveat_common.isra.47+0x218/0x238
        __arm64_sys_execve+0x48/0x60
        invoke_syscall+0x4c/0x110
        el0_svc_common.constprop.4+0xfc/0x120
        do_el0_svc+0x34/0xc0
        el0_svc+0x40/0x98
        el0t_64_sync_handler+0x98/0xc0
        el0t_64_sync+0x170/0x174

    Fix the issue by removing the runtime PM calls completely. They are not
    needed here because it must have already been done when building the
    path for a trace.

    [ Fix build warnings ]

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-006926
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5041ba6");
  # https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2022-50491-7a8b@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e9437e6");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-50491");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-50491");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1060a|20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060a / 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1060a',
    'pkgs': [
      {'reference':'kernel-5.10.0-28', 'sp':'1060a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-28', 'sp':'1060a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-28', 'sp':'1060a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-28', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-28', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-28', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-28', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.5
EPSS0.00145
8