Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990243)

medium Nessus Plugin ID 272684

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990243 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 btrfs: qgroup: fix quota root leak after quota disable failure

 If during the quota disable we fail when cleaning the quota tree or when deleting the root from the root tree, we jump to the 'out' label without ever dropping the reference on the quota root, resulting in a leak of the root since fs_info->quota_root is no longer pointing to the root (we have set it to NULL just before those steps).

 Fix this by always doing a btrfs_put_root() call under the 'out' label.
 This is a problem that exists since qgroups were first added in 2012 by commit bed92eae26cc (Btrfs: qgroup implementation and prototypes), but back then we missed a kfree on the quota root and free_extent_buffer() calls on its root and commit root nodes, since back then roots were not yet reference counted.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?5db0f2f3

http://www.nessus.org/u?bfd68f52

https://nvd.nist.gov/vuln/detail/CVE-2024-41078

Plugin Details

Severity: Medium

ID: 272684

File Name: unity_linux_UTSA-2025-990243.nasl

Version: 1.1

Type: local

Published: 11/5/2025

Updated: 11/5/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-41078

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2025

Vulnerability Publication Date: 7/29/2024

Reference Information

CVE: CVE-2024-41078