Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987100)

high Nessus Plugin ID 268552

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987100 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 drbd: Fix five use after free bugs in get_initial_state

 In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb).
 Then get_initial_state will goto out and the freed skb will be used by return value skb->len, which is a uaf bug.

 What's worse, the same problem goes even further: skb can also be freed in the notify_*_state_change -> notify_*_state calls below.
 Thus 4 additional uaf bugs happened.

 My patch lets the problem callee functions: notify_initial_state_done and notify_*_state_change return an error code if errors happen.
 So that the error codes could be propagated and the uaf bugs can be avoid.

 v2 reports a compilation warning. This v3 fixed this warning and built successfully in my local environment with no additional warnings.
 v2: https://lore.kernel.org/patchwork/patch/1435218/

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?1fc57c30

http://www.nessus.org/u?00beb0d6

https://nvd.nist.gov/vuln/detail/CVE-2022-49085

Plugin Details

Severity: High

ID: 268552

File Name: unity_linux_UTSA-2025-987100.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2022-49085

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/23/2025

Vulnerability Publication Date: 7/19/2023

Reference Information

CVE: CVE-2022-49085