Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986518)

medium Nessus Plugin ID 268425

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986518 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 netrom: Fix a memory leak in nr_heartbeat_expiry()

 syzbot reported a memory leak in nr_create() [0].

 Commit 409db27e3a2e (netrom: Fix use-after-free of a listening socket.) added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag.

 But in the case a, when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() function has been called.
 So it makes no sense to hold the reference count because no one will call another nr_destroy_socket() and put it as in the case b.

 nr_connect nr_establish_data_link nr_start_heartbeat

 nr_release switch (nr->state) case NR_STATE_3 nr->state = NR_STATE_2 sock_set_flag(sk, SOCK_DESTROY);

 nr_rx_frame nr_process_rx_frame switch (nr->state) case NR_STATE_2 nr_state2_machine() nr_disconnect() nr_sk(sk)->state = NR_STATE_0 sock_set_flag(sk, SOCK_DEAD)

 nr_heartbeat_expiry switch (nr->state) case NR_STATE_0 if (sock_flag(sk, SOCK_DESTROY) || (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) sock_hold() // ( !!! ) nr_destroy_socket()

 To fix the memory leak, let's call sock_hold() only for a listening socket.

 Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller.

 [0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?aa9c0547

http://www.nessus.org/u?b0fc431f

https://nvd.nist.gov/vuln/detail/CVE-2024-41006

Plugin Details

Severity: Medium

ID: 268425

File Name: unity_linux_UTSA-2025-986518.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-41006

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2025

Vulnerability Publication Date: 4/9/2024

Reference Information

CVE: CVE-2024-41006