Lucene search
K

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005069)

🗓️ 27 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Linux kernel security update fixes bridge transmit when skb is too short to avoid uninitialized value.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(296793);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/27");

  script_cve_id("CVE-2024-38538");

  script_name(english:"Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005069)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-005069 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    net: bridge: xmit: make sure we have at least eth header len bytes

    syzbot triggered an uninit value[1] error in bridge device's xmit path
    by sending a short (less than ETH_HLEN bytes) skb. To fix it check if
    we can actually pull that amount instead of assuming.

    Tested with dropwatch:
     drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)
     origin: software
     timestamp: Mon May 13 11:31:53 2024 778214037 nsec
     protocol: 0x88a8
     length: 2
     original length: 2
     drop reason: PKT_TOO_SMALL

    [1]
    BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
     br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
     __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
     netdev_start_xmit include/linux/netdevice.h:4917 [inline]
     xmit_one net/core/dev.c:3531 [inline]
     dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
     __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341
     dev_queue_xmit include/linux/netdevice.h:3091 [inline]
     __bpf_tx_skb net/core/filter.c:2136 [inline]
     __bpf_redirect_common net/core/filter.c:2180 [inline]
     __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187
     ____bpf_clone_redirect net/core/filter.c:2460 [inline]
     bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432
     ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
     __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238
     bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
     __bpf_prog_run include/linux/filter.h:657 [inline]
     bpf_prog_run include/linux/filter.h:664 [inline]
     bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425
     bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058
     bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269
     __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678
     __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]
     __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]
     __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765
     x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322
     do_syscall_x64 arch/x86/entry/common.c:52 [inline]
     do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
     entry_SYSCALL_64_after_hwframe+0x77/0x7f

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-005069
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c80888db");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-38538");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38538");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Jan 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.17.1
EPSS0.00284
SSVC
3