Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003444)

🗓️ 15 Jan 2026 00:00:00Reported by TenableType

Unity Linux 20 host kernel flaw before 4.5.3 enables memory disclosure via associative arrays.

Reporter	Title	Published	Views	Family All 96
Tenable Nessus	CentOS 7 : kernel (CESA-2016:2574)	28 Nov 201600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)	1 May 201700:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1484)	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)	13 May 201900:00	–	nessus
Tenable Nessus	openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)	12 Dec 201600:00	–	nessus
Tenable Nessus	RHEL 7 : kernel (RHSA-2016:2574)	4 Nov 201600:00	–	nessus
Tenable Nessus	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)	15 Feb 201700:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)	16 Feb 201700:00	–	nessus
Tenable Nessus	Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3406-1)	29 Aug 201700:00	–	nessus
Tenable Nessus	Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000720)	14 Jan 202600:00	–	nessus

Source	Link
nessus	www.nessus.org/u
nessus	www.nessus.org/u
rhn	www.rhn.redhat.com/errata/RHSA-2016-2574.html
source	www.source.android.com/security/bulletin/2016-11-01.html
kernel	www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
securityfocus	www.securityfocus.com/bid/94138
nessus	www.nessus.org/u
security-tracker	www.security-tracker.debian.org/tracker/CVE-2016-7914
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(287935);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2016-7914");

  script_name(english:"Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003444)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-003444 advisory.

    The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3
    does not check whether a slot is a leaf, which allows local users to obtain sensitive information from
    kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an
    application that uses associative-array data structures, as demonstrated by the keyutils test suite.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-003444
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?48b326d3");
  # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0d28498");
  script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2016-2574.html");
  script_set_attribute(attribute:"see_also", value:"http://source.android.com/security/bulletin/2016-11-01.html");
  script_set_attribute(attribute:"see_also", value:"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/94138");
  # https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc6521db");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-7914");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7914");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1060e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1060e',
    'pkgs': [
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-46.38', 'sp':'1060e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.5', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

16 Jan 2026 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 35.5

CVSS 27.1

EPSS0.02041