Detections
Analytics
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003928)
medium Nessus Plugin ID 288803
Synopsis
The Unity Linux host is missing one or more security updates.Description
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003928 advisory.The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Tenable has extracted the preceding description block directly from the Unity Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel package.See Also
http://www.nessus.org/u?a5f6708a
http://www.nessus.org/u?6e0130a5
http://www.nessus.org/u?31af4c97
http://www.nessus.org/u?25dad453
http://www.nessus.org/u?a9ef1ed9
http://www.nessus.org/u?d16653cd
http://www.securityfocus.com/bid/106478
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2473
https://access.redhat.com/errata/RHSA-2019:2808
https://access.redhat.com/errata/RHSA-2019:2809
https://access.redhat.com/errata/RHSA-2019:2837
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:4056
https://access.redhat.com/errata/RHSA-2019:4057
https://access.redhat.com/errata/RHSA-2019:4058
https://access.redhat.com/errata/RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4164
https://access.redhat.com/errata/RHSA-2019:4255
https://access.redhat.com/errata/RHSA-2020:0204
https://arxiv.org/abs/1901.01161
https://bugzilla.suse.com/show_bug.cgi?id=1120843
http://www.nessus.org/u?ce8deb5a
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
https://seclists.org/bugtraq/2019/Jun/26
https://security-tracker.debian.org/tracker/CVE-2019-5489
https://security.netapp.com/advisory/ntap-20190307-0001/
https://www.debian.org/security/2019/dsa-4465
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
Plugin Details
Severity: Medium
ID: 288803
File Name: unity_linux_UTSA-2026-003928.nasl
Version: 1.2
Type: local
Published: 1/16/2026
Updated: 1/17/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2019-5489
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/16/2026
Vulnerability Publication Date: 1/7/2019
Reference Information
CVE: CVE-2019-5489