Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986741)

medium Nessus Plugin ID 268081

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986741 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 mm/memory-failure: make sure wait for page writeback in memory_failure

 Our syzkaller trigger the BUG_ON(!list_empty(&inode->i_wb_list)) in clear_inode:

 kernel BUG at fs/inode.c:519! Internal error: Oops - BUG: 0 [#1] SMP Modules linked in:
 Process syz-executor.0 (pid: 249, stack limit = 0x00000000a12409d7) CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted 4.19.95 Hardware name: linux,dummy-virt (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : clear_inode+0x280/0x2a8 lr : clear_inode+0x280/0x2a8 Call trace:
 clear_inode+0x280/0x2a8 ext4_clear_inode+0x38/0xe8 ext4_free_inode+0x130/0xc68 ext4_evict_inode+0xb20/0xcb8 evict+0x1a8/0x3c0 iput+0x344/0x460 do_unlinkat+0x260/0x410
 __arm64_sys_unlinkat+0x6c/0xc0 el0_svc_common+0xdc/0x3b0 el0_svc_handler+0xf8/0x160 el0_svc+0x10/0x218 Kernel panic - not syncing: Fatal exception

 A crash dump of this problem show that someone called __munlock_pagevec to clear page LRU without lock_page: do_mmap -> mmap_region -> do_munmap
 -> munlock_vma_pages_range -> __munlock_pagevec.

 As a result memory_failure will call identify_page_state without wait_on_page_writeback. And after truncate_error_page clear the mapping of this page. end_page_writeback won't call sb_clear_inode_writeback to clear inode->i_wb_list. That will trigger BUG_ON in clear_inode!

 Fix it by checking PageWriteback too to help determine should we skip wait_on_page_writeback.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

http://www.nessus.org/u?5bd26fc4

http://www.nessus.org/u?6d93f684

https://nvd.nist.gov/vuln/detail/CVE-2021-47256

Plugin Details

Severity: Medium

ID: 268081

File Name: unity_linux_UTSA-2025-986741.nasl

Version: 1.1

Type: local

Published: 10/7/2025

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2021-47256

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/23/2025

Vulnerability Publication Date: 1/28/2022

Reference Information

CVE: CVE-2021-47256