Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986546)

medium Nessus Plugin ID 268522

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986546 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 rtl818x: Prevent using not initialized queues

 Using not existing queues can panic the kernel with rtl8180/rtl8185 cards.
 Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin ([email protected]) reported the kernel crash in the Gentoo forum:

 https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html

 He also confirmed that this patch fixes the issue. In summary this happened:

 After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a divide error: 0000 when connecting to an AP. Control port tx now tries to use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in 2.10.

 Since only the rtl8187se part of the driver supports QoS, the priority of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 cards.

 rtl8180 is then unconditionally reading out the priority and finally crashes on drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this patch:
 idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries

 ring->entries is zero for rtl8180/rtl8185 cards, tx_ring[2] never got initialized.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?a6255fd4

http://www.nessus.org/u?613bfa25

https://nvd.nist.gov/vuln/detail/CVE-2022-49326

Plugin Details

Severity: Medium

ID: 268522

File Name: unity_linux_UTSA-2025-986546.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-49326

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2022-49326