Detections
Analytics

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-003119)

high Nessus Plugin ID 284924

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003119 advisory.

 The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux- image-* package 4.8.0.41.52.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?70a3cc31

http://www.nessus.org/u?a13bf16e

http://www.nessus.org/u?957c1b3f

http://openwall.com/lists/oss-security/2017/03/29/2

http://www.nessus.org/u?2e303dc8

http://www.securityfocus.com/bid/97018

http://www.securitytracker.com/id/1038166

https://access.redhat.com/errata/RHSA-2017:2918

https://access.redhat.com/errata/RHSA-2017:2930

https://access.redhat.com/errata/RHSA-2017:2931

https://access.redhat.com/errata/RHSA-2019:4159

https://blog.trendmicro.com/results-pwn2own-2017-day-one/

http://www.nessus.org/u?2409c169

http://www.nessus.org/u?c25a6bb7

https://security-tracker.debian.org/tracker/CVE-2017-7184

https://source.android.com/security/bulletin/2017-05-01

https://twitter.com/thezdi/status/842126074435665920

Plugin Details

Severity: High

ID: 284924

File Name: unity_linux_UTSA-2026-003119.nasl

Version: 1.1

Type: local

Published: 1/15/2026

Updated: 1/15/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-7184

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/15/2026

Vulnerability Publication Date: 3/16/2017

Reference Information

CVE: CVE-2017-7184