Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001084)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

Unity Linux kernel update fixes use-after-free in kvm_ioctl_create_device to prevent crash or privilege gain.

Reporter	Title	Published	Views	Family All 33
BDU FSTEC	The vulnerability of the kvm_ioctl_create_device function in the Linux operating system allows a hacker to trigger a service failure or increase their privileges.	2 Jun 201700:00	–	bdu_fstec
CNVD	Linux Kernel Denial of Service Vulnerability (CNVD-2017-01068)	25 Jan 201700:00	–	cnvd
CVE	CVE-2016-10150	6 Feb 201706:04	–	cve
Cvelist	CVE-2016-10150	6 Feb 201706:04	–	cvelist
Debian CVE	CVE-2016-10150	6 Feb 201706:04	–	debiancve
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)	14 May 201900:00	–	nessus
Tenable Nessus	Ubuntu 16.10 : linux vulnerabilities (USN-3190-1)	6 Feb 201700:00	–	nessus
Tenable Nessus	Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3190-2)	10 Feb 201700:00	–	nessus
Tenable Nessus	Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001981)	15 Jan 202600:00	–	nessus
Tenable Nessus	Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002086)	15 Jan 202600:00	–	nessus

Source	Link
nessus	www.nessus.org/u
nessus	www.nessus.org/u
kernel	www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13
openwall	www.openwall.com/lists/oss-security/2017/01/18/10
securityfocus	www.securityfocus.com/bid/95672
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nessus	www.nessus.org/u
security-tracker	www.security-tracker.debian.org/tracker/CVE-2016-10150
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(283815);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/15");

  script_cve_id("CVE-2016-10150");

  script_name(english:"Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001084)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-001084 advisory.

    Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux
    kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain
    privileges via crafted ioctl calls on the /dev/kvm device.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-001084
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?98d6eee2");
  # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5141697b");
  script_set_attribute(attribute:"see_also", value:"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2017/01/18/10");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/95672");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1414506");
  # https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b595aa62");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-10150");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-10150");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e|20.1060e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e / 20.1060e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.45', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.45', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.45', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1060e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2305.1.0.0199.102', 'sp':'1060e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2305.1.0.0199.102', 'sp':'1060e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2305.1.0.0199.102', 'sp':'1060e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2409.6.0.0297.103.005', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2409.6.0.0297.103.005', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2409.6.0.0297.103.005', 'sp':'1070e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2409.6.0.0297.103.005', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

15 Jan 2026 00:00Current

7High risk

Vulners AI Score7

CVSS 3.19.8

CVSS 210

EPSS0.10177