Detections
Analytics

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-424047)

medium Nessus Plugin ID 267451

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-424047 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

 The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. If an interrupt has already occurred then waiting for the interrupt handler to complete will deadlock because it will be trying to acquire the same mutex.

 CPU0 CPU1
 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() <interrupt> mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() disable_irq() <-- deadlock

 Use disable_irq_nosync() instead because the interrupt handler does everything while holding the mutex so it doesn't matter if it's still running.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

http://www.nessus.org/u?31ec8190

https://nvd.nist.gov/vuln/detail/CVE-2024-46791

Plugin Details

Severity: Medium

ID: 267451

File Name: unity_linux_UTSA-2025-424047.nasl

Version: 1.1

Type: local

Published: 10/7/2025

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-46791

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2025

Vulnerability Publication Date: 9/18/2024

Reference Information

CVE: CVE-2024-46791