Detections
Analytics

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992407)

medium Nessus Plugin ID 280635

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992407 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()

 Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in:
 drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);
 with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.
 and then in:
 drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock);
 we'll get a division-by-zero.

 The following log can reveal it:

 divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline] RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784 Call Trace:
 fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189

 Fix this by checking the argument of ark_set_pixclock() first.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?b300a572

http://www.nessus.org/u?67055e2c

https://nvd.nist.gov/vuln/detail/CVE-2022-50102

Plugin Details

Severity: Medium

ID: 280635

File Name: unity_linux_UTSA-2025-992407.nasl

Version: 1.1

Type: local

Published: 12/30/2025

Updated: 12/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-50102

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/30/2025

Vulnerability Publication Date: 6/18/2025

Reference Information

CVE: CVE-2022-50102