Lucene search
K

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013654)

🗓️ 22 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Unity Linux 20.1070a security update fixes mips bcm6358 RAC flush to prevent kernel panics on boot.

Related
Refs
Code
ReporterTitlePublishedViews
Family
AstraLinux
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
20 May 202605:53
astralinux
CNNVD
Linux kernel 安全漏洞
24 Dec 202500:00
cnnvd
CVE
CVE-2023-53986
24 Dec 202510:55
cve
Cvelist
CVE-2023-53986 mips: bmips: BCM6358: disable RAC flush for TP1
24 Dec 202510:55
cvelist
Debian CVE
CVE-2023-53986
24 Dec 202510:55
debiancve
EUVD
EUVD-2025-205156
24 Dec 202512:30
euvd
NVD
CVE-2023-53986
24 Dec 202511:15
nvd
OSV
BELL-CVE-2023-53986
27 Dec 202506:07
osv
OSV
CVE-2023-53986 mips: bmips: BCM6358: disable RAC flush for TP1
24 Dec 202510:55
osv
OSV
DEBIAN-CVE-2023-53986
24 Dec 202511:15
osv
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(309242);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_cve_id("CVE-2023-53986");

  script_name(english:"Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013654)");

  script_set_attribute(attribute:"synopsis", value:
"The Unity Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the
UTSA-2026-013654 advisory.

    In the Linux kernel, the following vulnerability has been resolved:

    mips: bmips: BCM6358: disable RAC flush for TP1

    RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1:
    [    3.881739] usb 1-1: new high-speed USB device number 2 using ehci-platform
    [    3.895011] Reserved instruction in kernel code[#1]:
    [    3.900113] CPU: 0 PID: 1 Comm: init Not tainted 5.10.16 #0
    [    3.905829] $ 0   : 00000000 10008700 00000000 77d94060
    [    3.911238] $ 4   : 7fd1f088 00000000 81431cac 81431ca0
    [    3.916641] $ 8   : 00000000 ffffefff 8075cd34 00000000
    [    3.922043] $12   : 806f8d40 f3e812b7 00000000 000d9aaa
    [    3.927446] $16   : 7fd1f068 7fd1f080 7ff559b8 81428470
    [    3.932848] $20   : 00000000 00000000 55590000 77d70000
    [    3.938251] $24   : 00000018 00000010
    [    3.943655] $28   : 81430000 81431e60 81431f28 800157fc
    [    3.949058] Hi    : 00000000
    [    3.952013] Lo    : 00000000
    [    3.955019] epc   : 80015808 setup_sigcontext+0x54/0x24c
    [    3.960464] ra    : 800157fc setup_sigcontext+0x48/0x24c
    [    3.965913] Status: 10008703 KERNEL EXL IE
    [    3.970216] Cause : 00800028 (ExcCode 0a)
    [    3.974340] PrId  : 0002a010 (Broadcom BMIPS4350)
    [    3.979170] Modules linked in: ohci_platform ohci_hcd fsl_mph_dr_of ehci_platform ehci_fsl ehci_hcd
    gpio_button_hotplug usbcore nls_base usb_common
    [    3.992907] Process init (pid: 1, threadinfo=(ptrval), task=(ptrval), tls=77e22ec8)
    [    4.000776] Stack : 81431ef4 7fd1f080 81431f28 81428470 7fd1f068 81431edc 7ff559b8 81428470
    [    4.009467]         81431f28 7fd1f080 55590000 77d70000 77d5498c 80015c70 806f0000 8063ae74
    [    4.018149]         08100002 81431f28 0000000a 08100002 81431f28 0000000a 77d6b418 00000003
    [    4.026831]         ffffffff 80016414 80080734 81431ecc 81431ecc 00000001 00000000 04000000
    [    4.035512]         77d54874 00000000 00000000 00000000 00000000 00000012 00000002 00000000
    [    4.044196]         ...
    [    4.046706] Call Trace:
    [    4.049238] [<80015808>] setup_sigcontext+0x54/0x24c
    [    4.054356] [<80015c70>] setup_frame+0xdc/0x124
    [    4.059015] [<80016414>] do_notify_resume+0x1dc/0x288
    [    4.064207] [<80011b50>] work_notifysig+0x10/0x18
    [    4.069036]
    [    4.070538] Code: 8fc300b4  00001025  26240008 <ac820000> ac830004  3c048063  0c0228aa  24846a00
    26240010
    [    4.080686]
    [    4.082517] ---[ end trace 22a8edb41f5f983b ]---
    [    4.087374] Kernel panic - not syncing: Fatal exception
    [    4.092753] Rebooting in 1 seconds..

    Because the bootloader (CFE) is not initializing the Read-ahead cache properly
    on the second thread (TP1). Since the RAC was not initialized properly, we
    should avoid flushing it at the risk of corrupting the instruction stream as
    seen in the trace above.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2026-013654
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?08fdb599");
  # https://lore.kernel.org/linux-cve-announce/2025122422-CVE-2023-53986-14c4@gregkh
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10e55b31");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2023-53986");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-53986");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Unity Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/UOS-Server/release", "Host/UOS-Server/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'UOS Server' >!< os_product) audit(AUDIT_OS_NOT, 'UOS Server');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'UOS Server');
if (! preg(pattern:"^20.1070a([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'UOS Server 20.1070a', 'UOS Server ' + os_version);

if (!get_kb_item('Host/UOS-Server/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'amd64' >!< cpu && 'loongarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'UOS Server', cpu);


var constraints = [
  {
    'release': '20',
    'sp': '1070a',
    'pkgs': [
      {'reference':'kernel-5.10.0-42', 'sp':'1070a', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-42', 'sp':'1070a', 'cpu':'amd64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-42', 'sp':'1070a', 'cpu':'loongarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-5.10.0-42', 'sp':'1070a', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}


if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Apr 2026 00:00Current
5.7Medium risk
Vulners AI Score5.7
EPSS0.00173
3