Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987566)

medium Nessus Plugin ID 271044

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987566 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 f2fs: remove WARN_ON in f2fs_is_valid_blkaddr

 Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and
 __is_bitmap_valid. For example, in f2fs_is_valid_blkaddr, if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ, it invokes WARN_ON if blkaddr is not in the right range.
 The call trace is as follows:

 f2fs_get_node_info+0x45f/0x1070 read_node_page+0x577/0x1190
 __get_node_page.part.0+0x9e/0x10e0
 __get_node_page f2fs_get_node_page+0x109/0x180 do_read_inode f2fs_iget+0x2a5/0x58b0 f2fs_fill_super+0x3b39/0x7ca0

 Fix these two WARNs by replacing WARN_ON with dump_stack.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?442953eb

http://www.nessus.org/u?b62bb829

https://nvd.nist.gov/vuln/detail/CVE-2022-49318

Plugin Details

Severity: Medium

ID: 271044

File Name: unity_linux_UTSA-2025-987566.nasl

Version: 1.1

Type: local

Published: 10/21/2025

Updated: 10/21/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-49318

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2022-49318