Lucene search
K

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005194)

🗓️ 27 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Unity Linux 20.1050e update fixes race in ila add mapping by serializing nf_register_net_hooks.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(296975);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/27");

  script_cve_id("CVE-2024-57900");

  script_name(english:"Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005194)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-005194 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ila: serialize calls to nf_register_net_hooks()

    syzbot found a race in ila_add_mapping() [1]

    commit 031ae72825ce (ila: call nf_unregister_net_hooks() sooner)
    attempted to fix a similar issue.

    Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.

    Add a mutex to make sure at most one thread is calling nf_register_net_hooks().

    [1]
     BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]
     BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550
    include/linux/rhashtable.h:604
    Read of size 4 at addr ffff888028f40008 by task dhcpcd/5501

    CPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
    Call Trace:
     <IRQ>
      __dump_stack lib/dump_stack.c:94 [inline]
      dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
      print_address_description mm/kasan/report.c:378 [inline]
      print_report+0xc3/0x620 mm/kasan/report.c:489
      kasan_report+0xd9/0x110 mm/kasan/report.c:602
      rht_key_hashfn include/linux/rhashtable.h:159 [inline]
      __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604
      rhashtable_lookup include/linux/rhashtable.h:646 [inline]
      rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
      ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]
      ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]
      ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185
      nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
      nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626
      nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269
      NF_HOOK include/linux/netfilter.h:312 [inline]
      ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309
      __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672
      __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785
      process_backlog+0x443/0x15f0 net/core/dev.c:6117
      __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883
      napi_poll net/core/dev.c:6952 [inline]
      net_rx_action+0xa94/0x1010 net/core/dev.c:7074
      handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
      __do_softirq kernel/softirq.c:595 [inline]
      invoke_softirq kernel/softirq.c:435 [inline]
      __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
      irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
      instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
      sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-005194
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0535cf7");
  # https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57900-72ad@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b5f9317");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-57900");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-57900");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.47', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Jan 2026 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.17.8
EPSS0.00254
SSVC
3