Lucene search
K

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006956)

🗓️ 21 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Security update fixes uninitialized value in ext4_evict_inode to address kernel vulnerability.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(308190);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2022-50546");

  script_name(english:"Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006956)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-006956 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ext4: fix uninititialized value in 'ext4_evict_inode'

    Syzbot found the following issue:
    =====================================================
    BUG: KMSAN: uninit-value in ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
     ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
     evict+0x365/0x9a0 fs/inode.c:664
     iput_final fs/inode.c:1747 [inline]
     iput+0x985/0xdd0 fs/inode.c:1773
     __ext4_new_inode+0xe54/0x7ec0 fs/ext4/ialloc.c:1361
     ext4_mknod+0x376/0x840 fs/ext4/namei.c:2844
     vfs_mknod+0x79d/0x830 fs/namei.c:3914
     do_mknodat+0x47d/0xaa0
     __do_sys_mknodat fs/namei.c:3992 [inline]
     __se_sys_mknodat fs/namei.c:3989 [inline]
     __ia32_sys_mknodat+0xeb/0x150 fs/namei.c:3989
     do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
     __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
     do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
     do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
     entry_SYSENTER_compat_after_hwframe+0x70/0x82

    Uninit was created at:
     __alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5578
     alloc_pages+0xaae/0xd80 mm/mempolicy.c:2285
     alloc_slab_page mm/slub.c:1794 [inline]
     allocate_slab+0x1b5/0x1010 mm/slub.c:1939
     new_slab mm/slub.c:1992 [inline]
     ___slab_alloc+0x10c3/0x2d60 mm/slub.c:3180
     __slab_alloc mm/slub.c:3279 [inline]
     slab_alloc_node mm/slub.c:3364 [inline]
     slab_alloc mm/slub.c:3406 [inline]
     __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
     kmem_cache_alloc_lru+0x6f3/0xb30 mm/slub.c:3429
     alloc_inode_sb include/linux/fs.h:3117 [inline]
     ext4_alloc_inode+0x5f/0x860 fs/ext4/super.c:1321
     alloc_inode+0x83/0x440 fs/inode.c:259
     new_inode_pseudo fs/inode.c:1018 [inline]
     new_inode+0x3b/0x430 fs/inode.c:1046
     __ext4_new_inode+0x2a7/0x7ec0 fs/ext4/ialloc.c:959
     ext4_mkdir+0x4d5/0x1560 fs/ext4/namei.c:2992
     vfs_mkdir+0x62a/0x870 fs/namei.c:4035
     do_mkdirat+0x466/0x7b0 fs/namei.c:4060
     __do_sys_mkdirat fs/namei.c:4075 [inline]
     __se_sys_mkdirat fs/namei.c:4073 [inline]
     __ia32_sys_mkdirat+0xc4/0x120 fs/namei.c:4073
     do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
     __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
     do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
     do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
     entry_SYSENTER_compat_after_hwframe+0x70/0x82

    CPU: 1 PID: 4625 Comm: syz-executor.2 Not tainted 6.1.0-rc4-syzkaller-62821-gcb231e2f67ec #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
    =====================================================

    Now, 'ext4_alloc_inode()' didn't init 'ei->i_flags'. If new inode failed
    before set 'ei->i_flags' in '__ext4_new_inode()', then do 'iput()'. As after
    6bc0d63dad7f commit will access 'ei->i_flags' in 'ext4_evict_inode()' which
    will lead to access uninit-value.
    To solve above issue just init 'ei->i_flags' in 'ext4_alloc_inode()'.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-006956
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?04f86f1d");
  # https://lore.kernel.org/linux-cve-announce/2025100757-CVE-2022-50546-ef71@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d377ead");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-50546");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-50546");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1060a|20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1060a / 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1060a',
    'pkgs': [
      {'reference':'kernel-5.10.0-38', 'sp':'1060a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-38', 'sp':'1060a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-38', 'sp':'1060a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-38', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-38', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-38', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-38', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.17.8
EPSS0.00202
4