Lucene search
K

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013063)

🗓️ 21 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Unity Linux 20.1070a security update fixes kernel netlink fdb dumps by using dev->addr_len.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(307850);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2023-53863");

  script_name(english:"Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013063)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-013063 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    netlink: do not hard code device address lenth in fdb dumps

    syzbot reports that some netdev devices do not have a six bytes
    address [1]

    Replace ETH_ALEN by dev->addr_len.

    [1] (Case of a device where dev->addr_len = 4)

    BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
    BUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169
    instrument_copy_to_user include/linux/instrumented.h:114 [inline]
    copyout+0xb8/0x100 lib/iov_iter.c:169
    _copy_to_iter+0x6d8/0x1d00 lib/iov_iter.c:536
    copy_to_iter include/linux/uio.h:206 [inline]
    simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513
    __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
    skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527
    skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
    netlink_recvmsg+0x4ae/0x15a0 net/netlink/af_netlink.c:1970
    sock_recvmsg_nosec net/socket.c:1019 [inline]
    sock_recvmsg net/socket.c:1040 [inline]
    ____sys_recvmsg+0x283/0x7f0 net/socket.c:2722
    ___sys_recvmsg+0x223/0x840 net/socket.c:2764
    do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858
    __sys_recvmmsg net/socket.c:2937 [inline]
    __do_sys_recvmmsg net/socket.c:2960 [inline]
    __se_sys_recvmmsg net/socket.c:2953 [inline]
    __x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953
    do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd

    Uninit was stored to memory at:
    __nla_put lib/nlattr.c:1009 [inline]
    nla_put+0x1c6/0x230 lib/nlattr.c:1067
    nlmsg_populate_fdb_fill+0x2b8/0x600 net/core/rtnetlink.c:4071
    nlmsg_populate_fdb net/core/rtnetlink.c:4418 [inline]
    ndo_dflt_fdb_dump+0x616/0x840 net/core/rtnetlink.c:4456
    rtnl_fdb_dump+0x14ff/0x1fc0 net/core/rtnetlink.c:4629
    netlink_dump+0x9d1/0x1310 net/netlink/af_netlink.c:2268
    netlink_recvmsg+0xc5c/0x15a0 net/netlink/af_netlink.c:1995
    sock_recvmsg_nosec+0x7a/0x120 net/socket.c:1019
    ____sys_recvmsg+0x664/0x7f0 net/socket.c:2720
    ___sys_recvmsg+0x223/0x840 net/socket.c:2764
    do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858
    __sys_recvmmsg net/socket.c:2937 [inline]
    __do_sys_recvmmsg net/socket.c:2960 [inline]
    __se_sys_recvmmsg net/socket.c:2953 [inline]
    __x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953
    do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd

    Uninit was created at:
    slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716
    slab_alloc_node mm/slub.c:3451 [inline]
    __kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490
    kmalloc_trace+0x51/0x200 mm/slab_common.c:1057
    kmalloc include/linux/slab.h:559 [inline]
    __hw_addr_create net/core/dev_addr_lists.c:60 [inline]
    __hw_addr_add_ex+0x2e5/0x9e0 net/core/dev_addr_lists.c:118
    __dev_mc_add net/core/dev_addr_lists.c:867 [inline]
    dev_mc_add+0x9a/0x130 net/core/dev_addr_lists.c:885
    igmp6_group_added+0x267/0xbc0 net/ipv6/mcast.c:680
    ipv6_mc_up+0x296/0x3b0 net/ipv6/mcast.c:2754
    ipv6_mc_remap+0x1e/0x30 net/ipv6/mcast.c:2708
    addrconf_type_change net/ipv6/addrconf.c:3731 [inline]
    addrconf_notify+0x4d3/0x1d90 net/ipv6/addrconf.c:3699
    notifier_call_chain kernel/notifier.c:93 [inline]
    raw_notifier_call_chain+0xe4/0x430 kernel/notifier.c:461
    call_netdevice_notifiers_info net/core/dev.c:1935 [inline]
    call_netdevice_notifiers_extack net/core/dev.c:1973 [inline]
    call_netdevice_notifiers+0x1ee/0x2d0 net/core/dev.c:1987
    bond_enslave+0xccd/0x53f0 drivers/net/bonding/bond_main.c:1906
    do_set_master net/core/rtnetlink.c:2626 [inline]
    rtnl_newlink_create net/core/rtnetlink.c:3460 [inline]
    __rtnl_newlink net/core/rtnetlink.c:3660 [inline]
    rtnl_newlink+0x378c/0x40e0 net/core/rtnetlink.c:3673
    rtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6395
    netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2546
    rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6413
    netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
    netlink_unicast+0xf28/0x1230 net/netlink/af_
    ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-013063
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24bcdc98");
  # https://lore.kernel.org/linux-cve-announce/2025120905-CVE-2023-53863-8742@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9e8f6c12");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2023-53863");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-53863");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-79.10', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.10', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-79.10', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
EPSS0.00223
4