Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986938)

medium Nessus Plugin ID 268623

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986938 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 drm/msm/dp: populate connector of struct dp_panel

 DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::real_edid_checksum.

 The problem is struct dp_panel::connector never be assigned, instead the connector is stored in struct msm_dp::connector. When we run compliance testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid edid set in struct dp_panel::edid so we'll try to use the connectors real_edid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned.

 Changes in V2:
 -- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()

 Changes in V3:
 -- remove unhelpful kernel crash trace commit text
 -- remove renaming dp_display parameter to dp

 Changes in V4:
 -- add more details to commit text

 Changes in v10:
 -- group into one series

 Changes in v11:
 -- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read

 Signee-off-by: Kuogee Hsieh <[email protected]>

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?857858f6

http://www.nessus.org/u?348c38ef

https://nvd.nist.gov/vuln/detail/CVE-2022-49221

Plugin Details

Severity: Medium

ID: 268623

File Name: unity_linux_UTSA-2025-986938.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-49221

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/23/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2022-49221