Lucene search
K

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007494)

🗓️ 17 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Unity Linux 20.1050e kernel patch fixes netfilter conntrack hash resize serialization vulnerability.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(307128);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2021-47408");

  script_name(english:"Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007494)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-007494 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    netfilter: conntrack: serialize hash resizes and cleanups

    Syzbot was able to trigger the following warning [1]

    No repro found by syzbot yet but I was able to trigger similar issue
    by having 2 scripts running in parallel, changing conntrack hash sizes,
    and:

    for j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done

    It would take more than 5 minutes for net_namespace structures
    to be cleaned up.

    This is because nf_ct_iterate_cleanup() has to restart everytime
    a resize happened.

    By adding a mutex, we can serialize hash resizes and cleanups
    and also make get_next_corpse() faster by skipping over empty
    buckets.

    Even without resizes in the picture, this patch considerably
    speeds up network namespace dismantles.

    [1]
    INFO: task syz-executor.0:8312 can't die for more than 144 seconds.
    task:syz-executor.0  state:R  running task     stack:25672 pid: 8312 ppid:  6573 flags:0x00004006
    Call Trace:
     context_switch kernel/sched/core.c:4955 [inline]
     __schedule+0x940/0x26f0 kernel/sched/core.c:6236
     preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6408
     preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35
     __local_bh_enable_ip+0x109/0x120 kernel/softirq.c:390
     local_bh_enable include/linux/bottom_half.h:32 [inline]
     get_next_corpse net/netfilter/nf_conntrack_core.c:2252 [inline]
     nf_ct_iterate_cleanup+0x15a/0x450 net/netfilter/nf_conntrack_core.c:2275
     nf_conntrack_cleanup_net_list+0x14c/0x4f0 net/netfilter/nf_conntrack_core.c:2469
     ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171
     setup_net+0x639/0xa30 net/core/net_namespace.c:349
     copy_net_ns+0x319/0x760 net/core/net_namespace.c:470
     create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
     unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
     ksys_unshare+0x445/0x920 kernel/fork.c:3128
     __do_sys_unshare kernel/fork.c:3202 [inline]
     __se_sys_unshare kernel/fork.c:3200 [inline]
     __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3200
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x44/0xae
    RIP: 0033:0x7f63da68e739
    RSP: 002b:00007f63d7c05188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
    RAX: ffffffffffffffda RBX: 00007f63da792f80 RCX: 00007f63da68e739
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
    RBP: 00007f63da6e8cc4 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000246 R12: 00007f63da792f80
    R13: 00007fff50b75d3f R14: 00007f63d7c05300 R15: 0000000000022000

    Showing all locks held in the system:
    1 lock held by khungtaskd/27:
     #0: ffffffff8b980020 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
    kernel/locking/lockdep.c:6446
    2 locks held by kworker/u4:2/153:
     #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set
    arch/x86/include/asm/atomic64_64.h:34 [inline]
     #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set
    include/linux/atomic/atomic-long.h:41 [inline]
     #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set
    include/linux/atomic/atomic-instrumented.h:1198 [inline]
     #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data
    kernel/workqueue.c:634 [inline]
     #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending
    kernel/workqueue.c:661 [inline]
     #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x896/0x1690
    kernel/workqueue.c:2268
     #1: ffffc9000140fdb0 ((kfence_timer).work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690
    kernel/workqueue.c:2272
    1 lock held by systemd-udevd/2970:
    1 lock held by in:imklog/6258:
     #0: ffff88807f970ff0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990
    3 locks held by kworker/1:6/8158:
    1 lock held by syz-executor.0/8312:
    2 locks held by kworker/u4:13/9320:
    1 lock held by
    ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-007494
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?38da51c6");
  # https://lore.kernel.org/linux-cve-announce/2024052151-CVE-2021-47408-ad88@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?36530d4c");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2021-47408");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-47408");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e|20.1060e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e / 20.1060e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.27', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.27', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.27', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1060e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2305.1.0.0199.86', 'sp':'1060e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2305.1.0.0199.86', 'sp':'1060e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2305.1.0.0199.86', 'sp':'1060e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2407.1.0', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2407.1.0', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2407.1.0', 'sp':'1070e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2407.1.0', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.14.7 - 5.5
EPSS0.00253
SSVC
4