Detections
Analytics

Unity Linux 20.1050a / 20.1070a Security Update: kernel (UTSA-2025-380067)

high Nessus Plugin ID 267055

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-380067 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

 Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled.

 This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned.

 This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size.

 Fix this issue by changing the type of the local variable causing the bit loss from unsigned int to u64. The return value of nilfs_last_byte() is also of type unsigned int, but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?245420c6

http://www.nessus.org/u?e3d33fe9

https://nvd.nist.gov/vuln/detail/CVE-2024-56619

Plugin Details

Severity: High

ID: 267055

File Name: unity_linux_UTSA-2025-380067.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-56619

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2025

Vulnerability Publication Date: 12/27/2024

Reference Information

CVE: CVE-2024-56619