Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003026)

🗓️ 15 Jan 2026 00:00:00Reported by TenableType

Kernel ext4 flaw lets local users cause out-of-bounds access, denial of service, and crash with a crafted image.

Reporter	Title	Published	Views	Family All 193
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities	27 Jun 201908:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM	17 May 201916:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is affected by multiple third-party vulnerabilities (Node.js, nghttp2, Linux, Intel CPU, Android)	31 Oct 201820:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM	26 Sep 201819:00	–	ibm
ALT Linux	Security fix for the ALT Linux 8 package kernel-image-std-pae version 1:4.4.140-alt0.M80P.1	16 Jul 201800:00	–	altlinux
Tenable Nessus	CentOS 7 : kernel (CESA-2018:3083)	16 Nov 201800:00	–	nessus
Tenable Nessus	Debian DLA-1423-1 : linux-4.9 new package (Spectre)	20 Jul 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)	28 Dec 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)	15 Feb 201900:00	–	nessus

Source	Link
nessus	www.nessus.org/u
patchwork	www.patchwork.ozlabs.org/patch/929792/
securityfocus	www.securityfocus.com/bid/104901
access	www.access.redhat.com/errata/RHSA-2018:2948
access	www.access.redhat.com/errata/RHSA-2018:3083
access	www.access.redhat.com/errata/RHSA-2018:3096
bugzilla	www.bugzilla.kernel.org/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nessus	www.nessus.org/u
lists	www.lists.debian.org/debian-lts-announce/2018/07/msg00020.html

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(287329);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2018-10881");

  script_name(english:"Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003026)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-003026 advisory.

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in
    ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a
    crafted ext4 filesystem image.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-003026
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d88cdcf");
  script_set_attribute(attribute:"see_also", value:"http://patchwork.ozlabs.org/patch/929792/");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/104901");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2948");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3083");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3096");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.kernel.org/show_bug.cgi?id=200015");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881");
  # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fe475466");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-10881");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3752-1/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3752-2/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3752-3/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3753-1/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3753-2/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3754-1/");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10881");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1060a|20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060a / 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1060a',
    'pkgs': [
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

16 Jan 2026 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24.9

CVSS 34.2 - 5.5

EPSS0.00049