Lucene search
K

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-007499)

🗓️ 17 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Unity Linux kernel update fixes uninitialized lanes in ethtool link settings.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(307095);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2023-53798");

  script_name(english:"Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-007499)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-007499 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    ethtool: Fix uninitialized number of lanes

    It is not possible to set the number of lanes when setting link modes
    using the legacy IOCTL ethtool interface. Since 'struct
    ethtool_link_ksettings' is not initialized in this path, drivers receive
    an uninitialized number of lanes in 'struct
    ethtool_link_ksettings::lanes'.

    When this information is later queried from drivers, it results in the
    ethtool code making decisions based on uninitialized memory, leading to
    the following KMSAN splat [1]. In practice, this most likely only
    happens with the tun driver that simply returns whatever it got in the
    set operation.

    As far as I can tell, this uninitialized memory is not leaked to user
    space thanks to the 'ethtool_ops->cap_link_lanes_supported' check in
    linkmodes_prepare_data().

    Fix by initializing the structure in the IOCTL path. Did not find any
    more call sites that pass an uninitialized structure when calling
    'ethtool_ops::set_link_ksettings()'.

    [1]
    BUG: KMSAN: uninit-value in ethnl_update_linkmodes net/ethtool/linkmodes.c:273 [inline]
    BUG: KMSAN: uninit-value in ethnl_set_linkmodes+0x190b/0x19d0 net/ethtool/linkmodes.c:333
     ethnl_update_linkmodes net/ethtool/linkmodes.c:273 [inline]
     ethnl_set_linkmodes+0x190b/0x19d0 net/ethtool/linkmodes.c:333
     ethnl_default_set_doit+0x88d/0xde0 net/ethtool/netlink.c:640
     genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]
     genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
     genl_rcv_msg+0x141a/0x14c0 net/netlink/genetlink.c:1065
     netlink_rcv_skb+0x3f8/0x750 net/netlink/af_netlink.c:2577
     genl_rcv+0x40/0x60 net/netlink/genetlink.c:1076
     netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
     netlink_unicast+0xf41/0x1270 net/netlink/af_netlink.c:1365
     netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1942
     sock_sendmsg_nosec net/socket.c:724 [inline]
     sock_sendmsg net/socket.c:747 [inline]
     ____sys_sendmsg+0xa24/0xe40 net/socket.c:2501
     ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2555
     __sys_sendmsg net/socket.c:2584 [inline]
     __do_sys_sendmsg net/socket.c:2593 [inline]
     __se_sys_sendmsg net/socket.c:2591 [inline]
     __x64_sys_sendmsg+0x36b/0x540 net/socket.c:2591
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

    Uninit was stored to memory at:
     tun_get_link_ksettings+0x37/0x60 drivers/net/tun.c:3544
     __ethtool_get_link_ksettings+0x17b/0x260 net/ethtool/ioctl.c:441
     ethnl_set_linkmodes+0xee/0x19d0 net/ethtool/linkmodes.c:327
     ethnl_default_set_doit+0x88d/0xde0 net/ethtool/netlink.c:640
     genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]
     genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
     genl_rcv_msg+0x141a/0x14c0 net/netlink/genetlink.c:1065
     netlink_rcv_skb+0x3f8/0x750 net/netlink/af_netlink.c:2577
     genl_rcv+0x40/0x60 net/netlink/genetlink.c:1076
     netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
     netlink_unicast+0xf41/0x1270 net/netlink/af_netlink.c:1365
     netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1942
     sock_sendmsg_nosec net/socket.c:724 [inline]
     sock_sendmsg net/socket.c:747 [inline]
     ____sys_sendmsg+0xa24/0xe40 net/socket.c:2501
     ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2555
     __sys_sendmsg net/socket.c:2584 [inline]
     __do_sys_sendmsg net/socket.c:2593 [inline]
     __se_sys_sendmsg net/socket.c:2591 [inline]
     __x64_sys_sendmsg+0x36b/0x540 net/socket.c:2591
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

    Uninit was stored to memory at:
     tun_set_link_ksettings+0x37/0x60 drivers/net/tun.c:3553
     ethtool_set_link_ksettings+0x600/0x690 net/ethtool/ioctl.c:609
     __dev_ethtool net/ethtool/ioctl.c:3024 [inline]
     dev_ethtool+0x1db9/0x2a70 net/ethtool/ioctl.c:3078
     dev_ioctl+0xb07/0x1270 net/core/dev_ioctl.c:524
     sock_do_ioctl+0x295/0x540 net/socket.c:1213
     sock_i
    ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-007499
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a503cc2c");
  # https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53798-7845@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a222a4cc");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2023-53798");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-53798");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2211.5.0.0178.41', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.41', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2211.5.0.0178.41', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-4.19.90-2407.5.0.0287.88', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2407.5.0.0287.88', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2407.5.0.0287.88', 'sp':'1070e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.19.90-2407.5.0.0287.88', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.00168
4