Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-393980)

medium Nessus Plugin ID 267071

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-393980 advisory.

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency

In _dwc2_hcd_urb_enqueue(), urb->hcpriv = NULL is executed without holding the lock hsotg->lock. In _dwc2_hcd_urb_dequeue():

    spin_lock_irqsave(&hsotg->lock, flags);
    ...
    if (!urb->hcpriv) {
        dev_dbg(hsotg->dev, "## urb->hcpriv is NULL ##\n");
        goto out;
    }
    rc = dwc2_hcd_urb_dequeue(hsotg, urb->hcpriv); // Use urb->hcpriv
    ...
    out:
    spin_unlock_irqrestore(&hsotg->lock, flags);

When _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() are concurrently executed, the NULL check of urb->hcpriv can be executed before urb->hcpriv = NULL. After urb->hcpriv is NULL, it can be used in the function call to dwc2_hcd_urb_dequeue(), which can cause a NULL pointer dereference.

This possible bug is found by an experimental static analysis tool developed by myself. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported, when my tool analyzes the source code of Linux 6.5.

To fix this possible bug, urb->hcpriv = NULL should be executed while holding the lock hsotg->lock. After using this patch, my tool never reports the possible bug, with the kernel configuration allyesconfig for x86_64. Because I have no associated hardware, I cannot test the patch in runtime testing, and just verify it according to the code logic.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
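The atomicity violation described above can be checked by enumerating every interleaving of the two code paths in a small user-space model. This is an added example, not kernel code and not part of the advisory or the upstream patch; the step names, `struct st`, and `bad_schedules()` are constructed for illustration, and only the lock/check/use/clear ordering is taken from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the race, not kernel code. */
enum step { LOCK, UNLOCK, CHECK, USE, CLEAR };
struct st { bool locked, hcpriv, passed, bad; };

/* _dwc2_hcd_urb_dequeue(): check and use both happen under hsotg->lock. */
static const enum step dequeue[] = { LOCK, CHECK, USE, UNLOCK };
#define NDEQ (sizeof dequeue / sizeof dequeue[0])
/* The enqueue-side "urb->hcpriv = NULL" before and after the fix. */
static const enum step clear_unlocked[] = { CLEAR };
static const enum step clear_locked[] = { LOCK, CLEAR, UNLOCK };

/* Execute one step; returns false if the thread would block on the lock. */
static bool run(struct st *s, enum step op)
{
    switch (op) {
    case LOCK:   if (s->locked) return false; s->locked = true; break;
    case UNLOCK: s->locked = false; break;
    case CHECK:  s->passed = s->hcpriv; break;  /* if (!urb->hcpriv) goto out; */
    case USE:    if (s->passed && !s->hcpriv) s->bad = true; break; /* NULL is used */
    case CLEAR:  s->hcpriv = false; break;      /* urb->hcpriv = NULL */
    }
    return true;
}

/* Depth-first walk over every feasible interleaving; counts the bad ones. */
static int explore(struct st s, size_t a, const enum step *b, size_t nb, size_t ib)
{
    int bad = 0;
    struct st n;
    if (a == NDEQ && ib == nb) return s.bad;
    if (a < NDEQ) { n = s; if (run(&n, dequeue[a])) bad += explore(n, a + 1, b, nb, ib); }
    if (ib < nb)  { n = s; if (run(&n, b[ib]))      bad += explore(n, a, b, nb, ib + 1); }
    return bad;
}

/* Number of complete schedules in which a NULL hcpriv is used after the check. */
int bad_schedules(const enum step *clear, size_t n)
{
    struct st init = { .locked = false, .hcpriv = true, .passed = false, .bad = false };
    return explore(init, 0, clear, n, 0);
}

int main(void)
{
    printf("unlocked clear: %d bad schedule(s)\n", bad_schedules(clear_unlocked, 1));
    printf("locked clear:   %d bad schedule(s)\n", bad_schedules(clear_locked, 3));
    return 0;
}
```

With the unlocked clear, the one bad schedule is the clear landing between the check and the use; with the clear under the lock, only the two fully serialized schedules remain and neither is bad.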

See Also

http://www.nessus.org/u?e2be1c7e

https://nvd.nist.gov/vuln/detail/CVE-2023-52855

http://www.nessus.org/u?97576d79

Plugin Details

Severity: Medium

ID: 267071

File Name: unity_linux_UTSA-2025-393980.nasl

Version: 1.1

Type: local

Published: 10/7/2025

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2023-52855

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2025

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2023-52855