Detections
Analytics

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992429)

medium Nessus Plugin ID 280517

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992429 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure

 adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point.

 Propagate errors from qlcnic_dcb_enable(), and instead free the dcb pointer at callsite using qlcnic_dcb_free(). This also removes the now unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb.

 Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?204b8820

http://www.nessus.org/u?373e804e

https://nvd.nist.gov/vuln/detail/CVE-2022-50288

Plugin Details

Severity: Medium

ID: 280517

File Name: unity_linux_UTSA-2025-992429.nasl

Version: 1.1

Type: local

Published: 12/30/2025

Updated: 12/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-50288

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/30/2025

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2022-50288