Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-014303)

high Nessus Plugin ID 310015

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014303 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 f2fs: fix to avoid potential deadlock

 As Jiaming Zhang and syzbot reported, there is potential deadlock in f2fs as below:

 Chain exists of:
 &sbi->cp_rwsem --> fs_reclaim --> sb_internal#2

 Possible unsafe locking scenario:

 CPU0 CPU1
 ---- ---- rlock(sb_internal#2);
 lock(fs_reclaim);
 lock(sb_internal#2);
 rlock(&sbi->cp_rwsem);

 *** DEADLOCK ***

 3 locks held by kswapd0/73:
 #0: ffffffff8e247a40 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat mm/vmscan.c:7015 [inline] #0: ffffffff8e247a40 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x951/0x2800 mm/vmscan.c:7389 #1: ffff8880118400e0 (&type->s_umount_key#50){.+.+}-{4:4}, at: super_trylock_shared fs/super.c:562 [inline] #1: ffff8880118400e0 (&type->s_umount_key#50){.+.+}-{4:4}, at: super_cache_scan+0x91/0x4b0 fs/super.c:197 #2: ffff888011840610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x8d9/0x1b60 fs/f2fs/inode.c:890

 stack backtrace:
 CPU: 0 UID: 0 PID: 73 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace:
 <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2043 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2175 check_prev_add kernel/locking/lockdep.c:3165 [inline] check_prevs_add kernel/locking/lockdep.c:3284 [inline] validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_read+0x46/0x2e0 kernel/locking/rwsem.c:1537 f2fs_down_read fs/f2fs/f2fs.h:2278 [inline] f2fs_lock_op fs/f2fs/f2fs.h:2357 [inline] f2fs_do_truncate_blocks+0x21c/0x10c0 fs/f2fs/file.c:791 f2fs_truncate_blocks+0x10a/0x300 fs/f2fs/file.c:867 f2fs_truncate+0x489/0x7c0 fs/f2fs/file.c:925 f2fs_evict_inode+0x9f2/0x1b60 fs/f2fs/inode.c:897 evict+0x504/0x9c0 fs/inode.c:810 f2fs_evict_inode+0x1dc/0x1b60 fs/f2fs/inode.c:853 evict+0x504/0x9c0 fs/inode.c:810 dispose_list fs/inode.c:852 [inline] prune_icache_sb+0x21b/0x2c0 fs/inode.c:1000 super_cache_scan+0x39b/0x4b0 fs/super.c:224 do_shrink_slab+0x6ef/0x1110 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0x7ef/0x10d0 mm/shrinker.c:628 shrink_one+0x28a/0x7c0 mm/vmscan.c:4955 shrink_many mm/vmscan.c:5016 [inline] lru_gen_shrink_node mm/vmscan.c:5094 [inline] shrink_node+0x315d/0x3780 mm/vmscan.c:6081 kswapd_shrink_node mm/vmscan.c:6941 [inline] balance_pgdat mm/vmscan.c:7124 [inline] kswapd+0x147c/0x2800 mm/vmscan.c:7389 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK>

 The root cause is deadlock among four locks as below:

 kswapd
 - fs_reclaim --- Lock A
 - shrink_one
 - evict
 - f2fs_evict_inode
 - sb_start_intwrite --- Lock B

 - iput
 - evict
 - f2fs_evict_inode
 - sb_start_intwrite --- Lock B
 - f2fs_truncate
 - f2fs_truncate_blocks
 - f2fs_do_truncate_blocks
 - f2fs_lock_op --- Lock C

 ioctl
 - f2fs_ioc_commit_atomic_write
 - f2fs_lock_op --- Lock C
 - __f2fs_commit_atomic_write
 - __replace_atomic_write_block
 - f2fs_get_dnode_of_data
 - __get_node_folio
 - f2fs_check_nid_range
 - f2fs_handle_error
 - f2fs_record_errors
 - f2fs_down_write --- Lock D

 open
 - do_open
 - do_truncate
 - security_inode_need_killpriv
 - f2fs_getxattr
 - lookup_all_xattrs
 - f2fs_handle_error
 - f2fs_record_errors
 - f2fs_down_write --- Lock D
 - f2fs_commit_super
 - read_mapping_folio
 - filemap_alloc_folio_noprof
 - prepare_alloc_pages
 - fs_reclaim_acquire --- Lock A

 In order to a
 ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2025-71065

http://www.nessus.org/u?0af66ce6

http://www.nessus.org/u?45d2c742

Plugin Details

Severity: High

ID: 310015

File Name: unity_linux_UTSA-2026-014303.nasl

Version: 1.1

Type: Local

Published: 4/23/2026

Updated: 4/23/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-71065

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/24/2026

Vulnerability Publication Date: 1/13/2026

Reference Information

CVE: CVE-2025-71065