Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990819)

medium Nessus Plugin ID 275078

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990819 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 blk_iocost: fix more out of bound shifts

 Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function:

 UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ...
 UBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ...
 Call Trace:
 <IRQ> dump_stack_lvl+0xca/0x130
 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720
 __run_timer_base+0x519/0x700 ...

 Actual impact of this issue was not identified but I propose to fix the undefined behaviour.
 The proposed fix to prevent those out of bound shifts consist of precalculating exponent before using it the shift operations by taking min value from the actual exponent and maximum possible number of bits.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?3911dd29

https://nvd.nist.gov/vuln/detail/CVE-2024-49933

Plugin Details

Severity: Medium

ID: 275078

File Name: unity_linux_UTSA-2025-990819.nasl

Version: 1.1

Type: local

Published: 11/12/2025

Updated: 11/12/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-49933

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/12/2025

Vulnerability Publication Date: 10/21/2024

Reference Information

CVE: CVE-2024-49933