Detections
Analytics

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-396890)

medium Nessus Plugin ID 267403

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-396890 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

 syzbot found hanging tasks waiting on rtnl_lock [1]

 A reproducer is available in the syzbot bug.

 When a request to add multiple actions with the same index is sent, the second request will block forever on the first request. This holds rtnl_lock, and causes tasks to hang.

 Return -EAGAIN to prevent infinite looping, while keeping documented behavior.

 [1]

 INFO: task kworker/1:0:5088 blocked for more than 143 seconds.
 Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0 echo 0 > /proc/sys/kernel/hung_task_timeout_secs disables this message.
 task:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000 Workqueue: events_power_efficient reg_check_chans_work Call Trace:
 <TASK> context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0xf15/0x5d00 kernel/sched/core.c:6746
 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6838 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752 wiphy_lock include/net/cfg80211.h:5953 [inline] reg_leave_invalid_chans net/wireless/reg.c:2466 [inline] reg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?263bc979

https://nvd.nist.gov/vuln/detail/CVE-2024-40995

Plugin Details

Severity: Medium

ID: 267403

File Name: unity_linux_UTSA-2025-396890.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-40995

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2025

Vulnerability Publication Date: 4/9/2024

Reference Information

CVE: CVE-2024-40995