Lucene search
K

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010793)

🗓️ 21 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 5 Views

Unity Linux kernel update fixes a direct memory access leak in the ethernet driver that crashes receive buffers.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(308644);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_cve_id("CVE-2022-50679");

  script_name(english:"Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010793)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-010793 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    i40e: Fix DMA mappings leak

    During reallocation of RX buffers, new DMA mappings are created for
    those buffers.

    steps for reproduction:
    while :
    do
    for ((i=0; i<=8160; i=i+32))
    do
    ethtool -G enp130s0f0 rx $i tx $i
    sleep 0.5
    ethtool -g enp130s0f0
    done
    done

    This resulted in crash:
    i40e 0000:01:00.1: Unable to allocate memory for the Rx descriptor ring, size=65536
    Driver BUG
    WARNING: CPU: 0 PID: 4300 at net/core/xdp.c:141 xdp_rxq_info_unreg+0x43/0x50
    Call Trace:
    i40e_free_rx_resources+0x70/0x80 [i40e]
    i40e_set_ringparam+0x27c/0x800 [i40e]
    ethnl_set_rings+0x1b2/0x290
    genl_family_rcv_msg_doit.isra.15+0x10f/0x150
    genl_family_rcv_msg+0xb3/0x160
    ? rings_fill_reply+0x1a0/0x1a0
    genl_rcv_msg+0x47/0x90
    ? genl_family_rcv_msg+0x160/0x160
    netlink_rcv_skb+0x4c/0x120
    genl_rcv+0x24/0x40
    netlink_unicast+0x196/0x230
    netlink_sendmsg+0x204/0x3d0
    sock_sendmsg+0x4c/0x50
    __sys_sendto+0xee/0x160
    ? handle_mm_fault+0xbe/0x1e0
    ? syscall_trace_enter+0x1d3/0x2c0
    __x64_sys_sendto+0x24/0x30
    do_syscall_64+0x5b/0x1a0
    entry_SYSCALL_64_after_hwframe+0x65/0xca
    RIP: 0033:0x7f5eac8b035b
    Missing register, driver bug
    WARNING: CPU: 0 PID: 4300 at net/core/xdp.c:119 xdp_rxq_info_unreg_mem_model+0x69/0x140
    Call Trace:
    xdp_rxq_info_unreg+0x1e/0x50
    i40e_free_rx_resources+0x70/0x80 [i40e]
    i40e_set_ringparam+0x27c/0x800 [i40e]
    ethnl_set_rings+0x1b2/0x290
    genl_family_rcv_msg_doit.isra.15+0x10f/0x150
    genl_family_rcv_msg+0xb3/0x160
    ? rings_fill_reply+0x1a0/0x1a0
    genl_rcv_msg+0x47/0x90
    ? genl_family_rcv_msg+0x160/0x160
    netlink_rcv_skb+0x4c/0x120
    genl_rcv+0x24/0x40
    netlink_unicast+0x196/0x230
    netlink_sendmsg+0x204/0x3d0
    sock_sendmsg+0x4c/0x50
    __sys_sendto+0xee/0x160
    ? handle_mm_fault+0xbe/0x1e0
    ? syscall_trace_enter+0x1d3/0x2c0
    __x64_sys_sendto+0x24/0x30
    do_syscall_64+0x5b/0x1a0
    entry_SYSCALL_64_after_hwframe+0x65/0xca
    RIP: 0033:0x7f5eac8b035b

    This was caused because of new buffers with different RX ring count should
    substitute older ones, but those buffers were freed in
    i40e_configure_rx_ring and reallocated again with i40e_alloc_rx_bi,
    thus kfree on rx_bi caused leak of already mapped DMA.

    Fix this by reallocating ZC with rx_bi_zc struct when BPF program loads. Additionally
    reallocate back to rx_bi when BPF program unloads.

    If BPF program is loaded/unloaded and XSK pools are created, reallocate
    RX queues accordingly in XSP_SETUP_XSK_POOL handler.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-010793
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3bc4324f");
  # https://lore.kernel.org/linux-cve-announce/2025120949-CVE-2022-50679-b2b8@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1544d76f");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-50679");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-50679");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1050e|20.1060e|20.1070e([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1050e / 20.1060e / 20.1070e', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'sw_64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1050e',
    'pkgs': [
      {'reference':'kernel-5.10.0-26', 'sp':'1050e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1050e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1050e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1060e',
    'pkgs': [
      {'reference':'kernel-5.10.0-26', 'sp':'1060e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1060e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1060e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1060e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'release': '20',
    'sp': '1070e',
    'pkgs': [
      {'reference':'kernel-5.10.0-26', 'sp':'1070e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1070e', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1070e', 'cpu':'sw_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1070e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation