
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005402)

04 Mar 2026 00:00:00 | Reported by Tenable | Type: nessus | www.tenable.com

Unity Linux 20 security update fixes the kernel's SCSI SES driver handling of enclosures that have only a primary component.

Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(300533);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/04");

  script_cve_id("CVE-2023-53431");

  script_name(english:"Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005402)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-005402 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    scsi: ses: Handle enclosure with just a primary component gracefully

    This reverts commit 3fe97ff3d949 (scsi: ses: Don't attach if enclosure
    has no components) and introduces proper handling of case where there are
    no detected secondary components, but primary component (enumerated in
    num_enclosures) does exist. That fix was originally proposed by Ding Hui
    <[email protected]>.

    Completely ignoring devices that have one primary enclosure and no
    secondary one results in ses_intf_add() bailing completely

            scsi 2:0:0:254: enclosure has no enumerated components
            scsi 2:0:0:254: Failed to bind enclosure -12

    even on valid configurations with 1 primary and 0 secondary enclosures as
    below:

            # sg_ses /dev/sg0
              3PARdata  SES               3321
            Supported diagnostic pages:
              Supported Diagnostic Pages [sdp] [0x0]
              Configuration (SES) [cf] [0x1]
              Short Enclosure Status (SES) [ses] [0x8]
            # sg_ses -p cf /dev/sg0
              3PARdata  SES               3321
            Configuration diagnostic page:
              number of secondary subenclosures: 0
              generation code: 0x0
              enclosure descriptor list
                Subenclosure identifier: 0 [primary]
                  relative ES process id: 0, number of ES processes: 1
                  number of type descriptor headers: 1
                  enclosure logical identifier (hex): 20000002ac02068d
                  enclosure vendor: 3PARdata  product: VV                rev: 3321
              type descriptor header and text list
                Element type: Unspecified, subenclosure id: 0
                  number of possible elements: 1

    The changelog for the original fix follows

    =====
    We can get a crash when disconnecting the iSCSI session,
    the call trace like this:

      [ffff00002a00fb70] kfree at ffff00000830e224
      [ffff00002a00fba0] ses_intf_remove at ffff000001f200e4
      [ffff00002a00fbd0] device_del at ffff0000086b6a98
      [ffff00002a00fc50] device_unregister at ffff0000086b6d58
      [ffff00002a00fc70] __scsi_remove_device at ffff00000870608c
      [ffff00002a00fca0] scsi_remove_device at ffff000008706134
      [ffff00002a00fcc0] __scsi_remove_target at ffff0000087062e4
      [ffff00002a00fd10] scsi_remove_target at ffff0000087064c0
      [ffff00002a00fd70] __iscsi_unbind_session at ffff000001c872c4
      [ffff00002a00fdb0] process_one_work at ffff00000810f35c
      [ffff00002a00fe00] worker_thread at ffff00000810f648
      [ffff00002a00fe70] kthread at ffff000008116e98

    In ses_intf_add, components count could be 0, and kcalloc 0 size scomp,
    but not saved in edev->component[i].scratch

    In this situation, edev->component[0].scratch is an invalid pointer,
    when kfree it in ses_intf_remove_enclosure, a crash like above would happen
    The call trace also could be other random cases when kfree cannot catch
    the invalid pointer

    We should not use edev->component[] array when the components count is 0
    We also need check index when use edev->component[] array in
    ses_enclosure_data_process
    =====

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-005402
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?29c2e2b6");
  # https://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53431-7eac@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a42ef267");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2023-53431");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-53431");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.7', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.7', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.7', 'sp':'1070e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.7', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Vulners AI Score: 5.9 (Medium risk)
CVSS 3.1: 5.5
EPSS: 0.00137