Lucene search
K

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013626)

🗓️ 22 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Update fixes SELinux convert_context in invalid context and enables GFP_KERNEL and GFP_ATOMIC.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(309402);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_cve_id("CVE-2022-50699");

  script_name(english:"Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013626)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-013626 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()

    The following warning was triggered on a hardware environment:

      SELinux: Converting 162 SID table entries...
      BUG: sleeping function called from invalid context at
           __might_sleep+0x60/0x74 0x0
      in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar
      CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1
      Call trace:
       dump_backtrace+0x0/0x1c8
       show_stack+0x18/0x28
       dump_stack+0xe8/0x15c
       ___might_sleep+0x168/0x17c
       __might_sleep+0x60/0x74
       __kmalloc_track_caller+0xa0/0x7dc
       kstrdup+0x54/0xac
       convert_context+0x48/0x2e4
       sidtab_context_to_sid+0x1c4/0x36c
       security_context_to_sid_core+0x168/0x238
       security_context_to_sid_default+0x14/0x24
       inode_doinit_use_xattr+0x164/0x1e4
       inode_doinit_with_dentry+0x1c0/0x488
       selinux_d_instantiate+0x20/0x34
       security_d_instantiate+0x70/0xbc
       d_splice_alias+0x4c/0x3c0
       ext4_lookup+0x1d8/0x200 [ext4]
       __lookup_slow+0x12c/0x1e4
       walk_component+0x100/0x200
       path_lookupat+0x88/0x118
       filename_lookup+0x98/0x130
       user_path_at_empty+0x48/0x60
       vfs_statx+0x84/0x140
       vfs_fstatat+0x20/0x30
       __se_sys_newfstatat+0x30/0x74
       __arm64_sys_newfstatat+0x1c/0x2c
       el0_svc_common.constprop.0+0x100/0x184
       do_el0_svc+0x1c/0x2c
       el0_svc+0x20/0x34
       el0_sync_handler+0x80/0x17c
       el0_sync+0x13c/0x140
      SELinux: Context system_u:object_r:pssp_rsyslog_log_t:s0:c0 is
               not valid (left unmapped).

    It was found that within a critical section of spin_lock_irqsave in
    sidtab_context_to_sid(), convert_context() (hooked by
    sidtab_convert_params.func) might cause the process to sleep via
    allocating memory with GFP_KERNEL, which is problematic.

    As Ondrej pointed out [1], convert_context()/sidtab_convert_params.func
    has another caller sidtab_convert_tree(), which is okay with GFP_KERNEL.
    Therefore, fix this problem by adding a gfp_t argument for
    convert_context()/sidtab_convert_params.func and pass GFP_KERNEL/_ATOMIC
    properly in individual callers.

    [PM: wrap long BUG() output lines, tweak subject line]

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-013626
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?19dbf194");
  # https://lore.kernel.org/linux-cve-announce/2025122417-CVE-2022-50699-ddde@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?119aa8cd");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-50699");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-50699");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-26', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-26', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Apr 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
EPSS0.00168
3