Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987543)

high Nessus Plugin ID 270983

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987543 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 mac80211: fix potential double free on mesh join

 While commit 6a01afcf8468 (mac80211: mesh: Free ie data when leaving mesh) fixed a memory leak on mesh leave / teardown it introduced a potential memory corruption caused by a double free when rejoining the mesh:

 ieee80211_leave_mesh()
 -> kfree(sdata->u.mesh.ie);
 ...
 ieee80211_join_mesh()
 -> copy_mesh_setup()
 -> old_ie = ifmsh->ie;
 -> kfree(old_ie);

 This double free / kernel panics can be reproduced by using wpa_supplicant with an encrypted mesh (if set up without encryption via iw then ifmsh->ie is always NULL, which avoids this issue). And then calling:

 $ iw dev mesh0 mesh leave $ iw dev mesh0 mesh join my-mesh

 Note that typically these commands are not used / working when using wpa_supplicant. And it seems that wpa_supplicant or wpa_cli are going through a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join where the NETDEV_UP resets the mesh.ie to NULL via a memcpy of default_mesh_setup in cfg80211_netdev_notifier_call, which then avoids the memory corruption, too.

 The issue was first observed in an application which was not using wpa_supplicant but Senf instead, which implements its own calls to nl80211.

 Fixing the issue by removing the kfree()'ing of the mesh IE in the mesh join function and leaving it solely up to the mesh leave to free the mesh IE.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?b6b7cb68

http://www.nessus.org/u?94f491ce

https://nvd.nist.gov/vuln/detail/CVE-2022-49290

Plugin Details

Severity: High

ID: 270983

File Name: unity_linux_UTSA-2025-987543.nasl

Version: 1.1

Type: local

Published: 10/21/2025

Updated: 10/21/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-49290

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2025

Vulnerability Publication Date: 11/8/2022

Reference Information

CVE: CVE-2022-49290