Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986618)

medium Nessus Plugin ID 269062

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986618 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 tracing/histograms: Fix memory leak problem

 This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac.

 As commit 46bbe5c671e0 (tracing: fix double free) said, the double free problem reported by clang static analyzer is:
 > In parse_var_defs() if there is a problem allocating > var_defs.expr, the earlier var_defs.name is freed.
 > This free is duplicated by free_var_defs() which frees > the rest of the list.

 However, if there is a problem allocating N-th var_defs.expr:
 + in parse_var_defs(), the freed 'earlier var_defs.name' is actually the N-th var_defs.name;
 + then in free_var_defs(), the names from 0th to (N-1)-th are freed;

 IF ALLOCATING PROBLEM HAPPENED HERE!!! -+ \ | 0th 1th (N-1)-th N-th V +-------------+-------------+-----+-------------+----------- var_defs: | name | expr | name | expr | ... | name | expr | name | /// +-------------+-------------+-----+-------------+-----------

 These two frees don't act on same name, so there was no double free problem before. Conversely, after that commit, we get a memory leak problem because the above N-th var_defs.name is not freed.

 If enable CONFIG_DEBUG_KMEMLEAK and inject a fault at where the N-th var_defs.expr allocated, then execute on shell like:
 $ echo 'hist:key=call_site:val=$v1,$v2:v1=bytes_req,v2=bytes_alloc' > \ /sys/kernel/debug/tracing/events/kmem/kmalloc/trigger

 Then kmemleak reports:
 unreferenced object 0xffff8fb100ef3518 (size 8):
 comm bash, pid 196, jiffies 4295681690 (age 28.538s) hex dump (first 8 bytes):
 76 31 00 00 b1 8f ff ff v1......
 backtrace:
 [<0000000038fe4895>] kstrdup+0x2d/0x60 [<00000000c99c049a>] event_hist_trigger_parse+0x206f/0x20e0 [<00000000ae70d2cc>] trigger_process_regex+0xc0/0x110 [<0000000066737a4c>] event_trigger_write+0x75/0xd0 [<000000007341e40c>] vfs_write+0xbb/0x2a0 [<0000000087fde4c2>] ksys_write+0x59/0xd0 [<00000000581e9cdf>] do_syscall_64+0x3a/0x80 [<00000000cf3b065c>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

See Also

http://www.nessus.org/u?4ff31119

http://www.nessus.org/u?6055244b

https://nvd.nist.gov/vuln/detail/CVE-2022-49648

Plugin Details

Severity: Medium

ID: 269062

File Name: unity_linux_UTSA-2025-986618.nasl

Version: 1.1

Type: local

Published: 10/7/2025

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-49648

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2022-49648