Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987286)

medium Nessus Plugin ID 267990

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987286 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 ARM: davinci: da850-evm: Avoid NULL pointer dereference

 With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine:

 Unable to handle kernel NULL pointer dereference at virtual address 00000020 pgd = (ptrval) [00000020] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT ARM Modules linked in:
 CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1 Hardware name: Generic DT based system PC is at da850_evm_config_emac+0x1c/0x120 LR is at do_one_initcall+0x50/0x1e0

 The emac_pdata pointer in soc_info is NULL because davinci_soc_info only gets populated on davinci machines but da850_evm_config_emac() is called on all machines via device_initcall().

 Move the rmii_en assignment below the machine check so that it is only dereferenced when running on a supported SoC.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

http://www.nessus.org/u?d863b6c1

http://www.nessus.org/u?0ae615dc

https://nvd.nist.gov/vuln/detail/CVE-2021-47631

Plugin Details

Severity: Medium

ID: 267990

File Name: unity_linux_UTSA-2025-987286.nasl

Version: 1.1

Type: local

Published: 10/7/2025

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2021-47631

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/23/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2021-47631