Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986444)

high Nessus Plugin ID 268078

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986444 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 drm/amd/pm: fix double free in si_parse_power_table()

 In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and returned with an error code. However, the array is later freed again in si_dpm_fini() function which is called when the function returns an error.

 This leads to potential double free of the array adev->pm.dpm.ps, as well as leak of its array members, since the members are not freed in the allocation function and the array is not nulled when freed.
 In addition adev->pm.dpm.num_ps, which keeps track of the allocated array member, is not updated until the member allocation is successfully finished, this could also lead to either use after free, or uninitialized variable access in si_dpm_fini().

 Fix this by postponing the free of the array until si_dpm_fini() and increment adev->pm.dpm.num_ps everytime the array member is allocated.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

http://www.nessus.org/u?c9548c3f

http://www.nessus.org/u?515a1d44

https://nvd.nist.gov/vuln/detail/CVE-2022-49530

Plugin Details

Severity: High

ID: 268078

File Name: unity_linux_UTSA-2025-986444.nasl

Version: 1.1

Type: local

Published: 10/7/2025

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-49530

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2022-49530