Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986314)

critical Nessus Plugin ID 269023

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986314 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

 The if statement:
 if (port >= DSAF_GE_NUM) return;

 limits the value of port less than DSAF_GE_NUM (i.e., 8).
 However, if the value of port is 6 or 7, an array overflow could occur:
 port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;

 because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).

 To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?642de94f

http://www.nessus.org/u?f31fa1fc

https://nvd.nist.gov/vuln/detail/CVE-2021-47548

Plugin Details

Severity: Critical

ID: 269023

File Name: unity_linux_UTSA-2025-986314.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/15/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-47548

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2025

Vulnerability Publication Date: 1/28/2022

Reference Information

CVE: CVE-2021-47548