Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989369)

high Nessus Plugin ID 273312

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989369 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 platform/x86: wmi: Fix opening of char device

 Since commit fa1f68db6ca7 (drivers: misc: pass miscdevice pointer via file private data), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices().

 Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?6d363821

http://www.nessus.org/u?7b87cc7b

https://nvd.nist.gov/vuln/detail/CVE-2023-52864

Plugin Details

Severity: High

ID: 273312

File Name: unity_linux_UTSA-2025-989369.nasl

Version: 1.1

Type: local

Published: 11/5/2025

Updated: 11/5/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-52864

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2025

Vulnerability Publication Date: 12/14/2023

Reference Information

CVE: CVE-2023-52864