Lucene search
K

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007511)

🗓️ 17 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

Linux kernel update fixes a use-after-free in blk_throtl_bio related to BIO_THROTTLED when throttling bios.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(307239);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2022-49465");

  script_name(english:"Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007511)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-007511 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    blk-throttle: Set BIO_THROTTLED when bio has been throttled

    1.In current process, all bio will set the BIO_THROTTLED flag
    after __blk_throtl_bio().

    2.If bio needs to be throttled, it will start the timer and
    stop submit bio directly. Bio will submit in
    blk_throtl_dispatch_work_fn() when the timer expires.But in
    the current process, if bio is throttled. The BIO_THROTTLED
    will be set to bio after timer start. If the bio has been
    completed, it may cause use-after-free blow.

    BUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70
    Read of size 2 at addr ffff88801b8902d4 by task fio/26380

     dump_stack+0x9b/0xce
     print_address_description.constprop.6+0x3e/0x60
     kasan_report.cold.9+0x22/0x3a
     blk_throtl_bio+0x12f0/0x2c70
     submit_bio_checks+0x701/0x1550
     submit_bio_noacct+0x83/0xc80
     submit_bio+0xa7/0x330
     mpage_readahead+0x380/0x500
     read_pages+0x1c1/0xbf0
     page_cache_ra_unbounded+0x471/0x6f0
     do_page_cache_ra+0xda/0x110
     ondemand_readahead+0x442/0xae0
     page_cache_async_ra+0x210/0x300
     generic_file_buffered_read+0x4d9/0x2130
     generic_file_read_iter+0x315/0x490
     blkdev_read_iter+0x113/0x1b0
     aio_read+0x2ad/0x450
     io_submit_one+0xc8e/0x1d60
     __se_sys_io_submit+0x125/0x350
     do_syscall_64+0x2d/0x40
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

    Allocated by task 26380:
     kasan_save_stack+0x19/0x40
     __kasan_kmalloc.constprop.2+0xc1/0xd0
     kmem_cache_alloc+0x146/0x440
     mempool_alloc+0x125/0x2f0
     bio_alloc_bioset+0x353/0x590
     mpage_alloc+0x3b/0x240
     do_mpage_readpage+0xddf/0x1ef0
     mpage_readahead+0x264/0x500
     read_pages+0x1c1/0xbf0
     page_cache_ra_unbounded+0x471/0x6f0
     do_page_cache_ra+0xda/0x110
     ondemand_readahead+0x442/0xae0
     page_cache_async_ra+0x210/0x300
     generic_file_buffered_read+0x4d9/0x2130
     generic_file_read_iter+0x315/0x490
     blkdev_read_iter+0x113/0x1b0
     aio_read+0x2ad/0x450
     io_submit_one+0xc8e/0x1d60
     __se_sys_io_submit+0x125/0x350
     do_syscall_64+0x2d/0x40
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

    Freed by task 0:
     kasan_save_stack+0x19/0x40
     kasan_set_track+0x1c/0x30
     kasan_set_free_info+0x1b/0x30
     __kasan_slab_free+0x111/0x160
     kmem_cache_free+0x94/0x460
     mempool_free+0xd6/0x320
     bio_free+0xe0/0x130
     bio_put+0xab/0xe0
     bio_endio+0x3a6/0x5d0
     blk_update_request+0x590/0x1370
     scsi_end_request+0x7d/0x400
     scsi_io_completion+0x1aa/0xe50
     scsi_softirq_done+0x11b/0x240
     blk_mq_complete_request+0xd4/0x120
     scsi_mq_done+0xf0/0x200
     virtscsi_vq_done+0xbc/0x150
     vring_interrupt+0x179/0x390
     __handle_irq_event_percpu+0xf7/0x490
     handle_irq_event_percpu+0x7b/0x160
     handle_irq_event+0xcc/0x170
     handle_edge_irq+0x215/0xb20
     common_interrupt+0x60/0x120
     asm_common_interrupt+0x1e/0x40

    Fix this by move BIO_THROTTLED set into the queue_lock.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-007511
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84968c94");
  # https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2022-49465-c14f@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dabe55cc");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-49465");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-49465");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e|20.1060e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e / 20.1060e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1060e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1060e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1060e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1060e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1070e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2203.3.0', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.17.8
EPSS0.00259
SSVC
8