Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990084)

medium Nessus Plugin ID 272676

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990084 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

 If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen:

 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...
 preempt_count: 1, expected: 0 ...
 Call Trace:
 ...
 __might_resched+0x104/0x10e
 __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6
 __irq_set_trigger+0x56/0x172
 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ...

 We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C).

 The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc.

 mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex.

 However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock.

 It seems, the internal regmap locks are not needed in this driver at all.
 mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set.

 mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock().

 The accesses to the regmap from mcp23s08_probe_one() do not need additional locking.

 In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock.

 This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?c8deb05c

http://www.nessus.org/u?1d5782c9

https://nvd.nist.gov/vuln/detail/CVE-2024-57889

Plugin Details

Severity: Medium

ID: 272676

File Name: unity_linux_UTSA-2025-990084.nasl

Version: 1.1

Type: local

Published: 11/5/2025

Updated: 11/5/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-57889

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2025

Vulnerability Publication Date: 1/15/2025

Reference Information

CVE: CVE-2024-57889