Lucene search
K

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006682)

🗓️ 08 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Security update fixes ARM panic by disabling kasan for kprobe emulation.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(305415);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/08");

  script_cve_id("CVE-2021-47618");

  script_name(english:"Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006682)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-006682 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ARM: 9170/1: fix panic when kasan and kprobe are enabled

    arm32 uses software to simulate the instruction replaced
    by kprobe. some instructions may be simulated by constructing
    assembly functions. therefore, before executing instruction
    simulation, it is necessary to construct assembly function
    execution environment in C language through binding registers.
    after kasan is enabled, the register binding relationship will
    be destroyed, resulting in instruction simulation errors and
    causing kernel panic.

    the kprobe emulate instruction function is distributed in three
    files: actions-common.c actions-arm.c actions-thumb.c, so disable
    KASAN when compiling these files.

    for example, use kprobe insert on cap_capable+20 after kasan
    enabled, the cap_capable assembly code is as follows:
    <cap_capable>:
    e92d47f0        push    {r4, r5, r6, r7, r8, r9, sl, lr}
    e1a05000        mov     r5, r0
    e280006c        add     r0, r0, #108    ; 0x6c
    e1a04001        mov     r4, r1
    e1a06002        mov     r6, r2
    e59fa090        ldr     sl, [pc, #144]  ;
    ebfc7bf8        bl      c03aa4b4 <__asan_load4>
    e595706c        ldr     r7, [r5, #108]  ; 0x6c
    e2859014        add     r9, r5, #20
    ......
    The emulate_ldr assembly code after enabling kasan is as follows:
    c06f1384 <emulate_ldr>:
    e92d47f0        push    {r4, r5, r6, r7, r8, r9, sl, lr}
    e282803c        add     r8, r2, #60     ; 0x3c
    e1a05000        mov     r5, r0
    e7e37855        ubfx    r7, r5, #16, #4
    e1a00008        mov     r0, r8
    e1a09001        mov     r9, r1
    e1a04002        mov     r4, r2
    ebf35462        bl      c03c6530 <__asan_load4>
    e357000f        cmp     r7, #15
    e7e36655        ubfx    r6, r5, #12, #4
    e205a00f        and     sl, r5, #15
    0a000001        beq     c06f13bc <emulate_ldr+0x38>
    e0840107        add     r0, r4, r7, lsl #2
    ebf3545c        bl      c03c6530 <__asan_load4>
    e084010a        add     r0, r4, sl, lsl #2
    ebf3545a        bl      c03c6530 <__asan_load4>
    e2890010        add     r0, r9, #16
    ebf35458        bl      c03c6530 <__asan_load4>
    e5990010        ldr     r0, [r9, #16]
    e12fff30        blx     r0
    e356000f        cm      r6, #15
    1a000014        bne     c06f1430 <emulate_ldr+0xac>
    e1a06000        mov     r6, r0
    e2840040        add     r0, r4, #64     ; 0x40
    ......

    when running in emulate_ldr to simulate the ldr instruction, panic
    occurred, and the log is as follows:
    Unable to handle kernel NULL pointer dereference at virtual address
    00000090
    pgd = ecb46400
    [00000090] *pgd=2e0fa003, *pmd=00000000
    Internal error: Oops: 206 [#1] SMP ARM
    PC is at cap_capable+0x14/0xb0
    LR is at emulate_ldr+0x50/0xc0
    psr: 600d0293 sp : ecd63af8  ip : 00000004  fp : c0a7c30c
    r10: 00000000  r9 : c30897f4  r8 : ecd63cd4
    r7 : 0000000f  r6 : 0000000a  r5 : e59fa090  r4 : ecd63c98
    r3 : c06ae294  r2 : 00000000  r1 : b7611300  r0 : bf4ec008
    Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
    Control: 32c5387d  Table: 2d546400  DAC: 55555555
    Process bash (pid: 1643, stack limit = 0xecd60190)
    (cap_capable) from (kprobe_handler+0x218/0x340)
    (kprobe_handler) from (kprobe_trap_handler+0x24/0x48)
    (kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)
    (do_undefinstr) from (__und_svc_finish+0x0/0x30)
    (__und_svc_finish) from (cap_capable+0x18/0xb0)
    (cap_capable) from (cap_vm_enough_memory+0x38/0x48)
    (cap_vm_enough_memory) from
    (security_vm_enough_memory_mm+0x48/0x6c)
    (security_vm_enough_memory_mm) from
    (copy_process.constprop.5+0x16b4/0x25c8)
    (copy_process.constprop.5) from (_do_fork+0xe8/0x55c)
    (_do_fork) from (SyS_clone+0x1c/0x24)
    (SyS_clone) from (__sys_trace_return+0x0/0x10)
    Code: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-006682
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4b2436a9");
  # https://lore.kernel.org/linux-cve-announce/2024062007-CVE-2021-47618-fd65@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce6964e2");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2021-47618");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-47618");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/06/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.51', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.51', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.51', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Apr 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.15.5
EPSS0.00238
SSVC
4