Detections
Analytics
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003777)
high Nessus Plugin ID 288643
Synopsis
The Unity Linux host is missing one or more security updates.Description
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003777 advisory.A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
Tenable has extracted the preceding description block directly from the Unity Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel package.See Also
http://www.nessus.org/u?640e1070
http://www.nessus.org/u?00315267
http://www.nessus.org/u?e9f5a89f
http://www.nessus.org/u?d96e3f8e
http://www.nessus.org/u?8cf4f176
http://www.nessus.org/u?70bd9b7a
http://www.nessus.org/u?7e31b00e
http://www.openwall.com/lists/oss-security/2019/09/24/1
http://www.openwall.com/lists/oss-security/2019/10/03/1
http://www.openwall.com/lists/oss-security/2019/10/09/3
http://www.openwall.com/lists/oss-security/2019/10/09/7
https://access.redhat.com/errata/RHBA-2019:2824
https://access.redhat.com/errata/RHSA-2019:2827
https://access.redhat.com/errata/RHSA-2019:2828
https://access.redhat.com/errata/RHSA-2019:2829
https://access.redhat.com/errata/RHSA-2019:2830
https://access.redhat.com/errata/RHSA-2019:2854
https://access.redhat.com/errata/RHSA-2019:2862
https://access.redhat.com/errata/RHSA-2019:2863
https://access.redhat.com/errata/RHSA-2019:2864
https://access.redhat.com/errata/RHSA-2019:2865
https://access.redhat.com/errata/RHSA-2019:2866
https://access.redhat.com/errata/RHSA-2019:2867
https://access.redhat.com/errata/RHSA-2019:2869
https://access.redhat.com/errata/RHSA-2019:2889
https://access.redhat.com/errata/RHSA-2019:2899
https://access.redhat.com/errata/RHSA-2019:2900
https://access.redhat.com/errata/RHSA-2019:2901
https://access.redhat.com/errata/RHSA-2019:2924
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
http://www.nessus.org/u?b02665f3
http://www.nessus.org/u?f3eb988f
https://seclists.org/bugtraq/2019/Nov/11
https://seclists.org/bugtraq/2019/Sep/41
https://security-tracker.debian.org/tracker/CVE-2019-14835
https://security.netapp.com/advisory/ntap-20191031-0005/
https://usn.ubuntu.com/4135-1/
https://usn.ubuntu.com/4135-2/
Plugin Details
Severity: High
ID: 288643
File Name: unity_linux_UTSA-2026-003777.nasl
Version: 1.1
Type: local
Published: 1/16/2026
Updated: 1/16/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-14835
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/16/2026
Vulnerability Publication Date: 9/17/2019
Reference Information
CVE: CVE-2019-14835