Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990849)

medium Nessus Plugin ID 275099

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990849 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

 When io_uring starts a write, it'll call kiocb_start_write() to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze side will grab that rwsem for writing, excluding any new writers from happening and waiting for existing writes to finish. But io_uring unconditionally uses kiocb_start_write(), which will block if someone is currently attempting to freeze the mount point.
 This causes a deadlock where freeze is waiting for previous writes to complete, but the previous writes cannot complete, as the task that is supposed to complete them is blocked waiting on starting a new write.
 This results in the following stuck trace showing that dependency with the write blocked starting a new write:

 task:fio state:D stack:0 pid:886 tgid:886 ppid:876 Call trace:
 __switch_to+0x1d8/0x348
 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_rwsem_wait+0x1e8/0x3f8
 __percpu_down_read+0xe8/0x500 io_write+0xbb8/0xff8 io_issue_sqe+0x10c/0x1020 io_submit_sqes+0x614/0x2110
 __arm64_sys_io_uring_enter+0x524/0x1038 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 INFO: task fsfreeze:7364 blocked for more than 15 seconds.
 Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963

 with the attempting freezer stuck trying to grab the rwsem:

 task:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995 Call trace:
 __switch_to+0x1d8/0x348
 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_down_write+0x2b0/0x680 freeze_super+0x248/0x8a8 do_vfs_ioctl+0x149c/0x1b18
 __arm64_sys_ioctl+0xd0/0x1a0 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170

 Fix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a blocking grab of the super block rwsem if it isn't set. For normal issue where IOCB_NOWAIT would always be set, this returns -EAGAIN which will have io_uring core issue a blocking attempt of the write. That will in turn also get completions run, ensuring forward progress.

 Since freezing requires CAP_SYS_ADMIN in the first place, this isn't something that can be triggered by a regular user.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?653cc6fc

https://nvd.nist.gov/vuln/detail/CVE-2024-53052

Plugin Details

Severity: Medium

ID: 275099

File Name: unity_linux_UTSA-2025-990849.nasl

Version: 1.1

Type: local

Published: 11/12/2025

Updated: 11/12/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:C

CVSS Score Source: CVE-2024-53052

CVSS v3

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.9

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/12/2025

Vulnerability Publication Date: 11/19/2024

Reference Information

CVE: CVE-2024-53052