Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992588)

medium Nessus Plugin ID 280492

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992588 advisory.

In the Linux kernel, the following vulnerability has been resolved:

ext4: zero i_disksize when initializing the bootloader inode

If the boot loader inode has never been used before, the EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the never before used boot loader has a non-zero i_size, then i_disksize will be non-zero, and the inconsistency between i_size and i_disksize can trigger a kernel warning:

    WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319
    CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa
    RIP: 0010:ext4_file_write_iter+0xbc7/0xd10
    Call Trace:
     vfs_write+0x3b1/0x5c0
     ksys_write+0x77/0x160
     __x64_sys_write+0x22/0x30
     do_syscall_64+0x39/0x80

Reproducer:

1. create corrupted image and mount it:

    mke2fs -t ext4 /tmp/foo.img 200
    debugfs -wR "sif <5> size 25700" /tmp/foo.img
    mount -t ext4 /tmp/foo.img /mnt
    cd /mnt
    echo 123 > file

2. Run the reproducer program:

    posix_memalign(&buf, 1024, 1024);
    fd = open("file", O_RDWR | O_DIRECT);
    ioctl(fd, EXT4_IOC_SWAP_BOOT);
    write(fd, buf, 1024);

Fix this by setting i_disksize as well as i_size to zero when initializing the boot loader inode.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
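
A log-triage sketch for the warning quoted in the description above, added here as an example (it is not part of the advisory or the Nessus plugin): it scans kernel log text for WARNING blocks raised from fs/ext4/file.c whose RIP is in ext4_file_write_iter. The sample log is constructed from the trace above plus an unrelated made-up entry; the function name find_ext4_write_warnings and the bracketed timestamp prefix are assumptions.

```python
import re

# Constructed sample: the first WARNING block mirrors the trace quoted in the
# description; the timestamps and the second (unrelated) block are made up.
SAMPLE_LOG = """\
[  101.000001] EXT4-fs (loop0): mounted filesystem
[  102.000001] WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319
[  102.000002] CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa
[  102.000003] RIP: 0010:ext4_file_write_iter+0xbc7/0xd10
[  102.000004] Call Trace:
[  102.000005]  vfs_write+0x3b1/0x5c0
[  102.000006]  ksys_write+0x77/0x160
[  230.000001] WARNING: CPU: 1 PID: 77 at net/core/example.c:10
[  230.000002] RIP: 0010:example_fn+0x10/0x20
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # assumed dmesg-style timestamp prefix
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: (?P<pid>\d+) at (?P<src>\S+?):(?P<line>\d+)")
COMM_RE = re.compile(r"Comm: (?P<comm>\S+)")
RIP_RE = re.compile(r"RIP: \w+:(?P<func>[\w.]+)\+0x")


def find_ext4_write_warnings(log_text):
    """Return one dict per WARNING block from fs/ext4/file.c with RIP in ext4_file_write_iter.

    The source line number (319 in the quoted trace) differs between kernel
    builds, so matching is on file and function, not on the line number.
    """
    blocks, current = [], None
    for raw in log_text.splitlines():
        line = TS_RE.sub("", raw)
        m = WARN_RE.search(line)
        if m:  # a new WARNING header starts a new block
            current = {"pid": int(m["pid"]), "source": m["src"],
                       "line": int(m["line"]), "comm": None, "rip": None}
            blocks.append(current)
            continue
        if current is None:
            continue
        if current["comm"] is None and (c := COMM_RE.search(line)):
            current["comm"] = c["comm"]
        if current["rip"] is None and (r := RIP_RE.search(line)):
            current["rip"] = r["func"]
    return [b for b in blocks
            if b["source"] == "fs/ext4/file.c" and b["rip"] == "ext4_file_write_iter"]


if __name__ == "__main__":
    for hit in find_ext4_write_warnings(SAMPLE_LOG):
        print(f"ext4 write warning: pid={hit['pid']} comm={hit['comm']} at {hit['source']}:{hit['line']}")
```

A hit shows the warning path was reached on that host; it does not by itself establish whether the installed kernel package contains the fix.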

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?7a79f3bc

http://www.nessus.org/u?cc8d68df

https://nvd.nist.gov/vuln/detail/CVE-2023-53101

Plugin Details

Severity: Medium

ID: 280492

File Name: unity_linux_UTSA-2025-992588.nasl

Version: 1.1

Type: local

Published: 12/30/2025

Updated: 12/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2023-53101

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/30/2025

Vulnerability Publication Date: 6/12/2024

Reference Information

CVE: CVE-2023-53101