Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005100)

high Nessus Plugin ID 296838

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005100 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 xfs: add bounds checking to xlog_recover_process_data

 There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data.

 We can create a crafted image to trigger an out of bounds read by following these steps:
 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crc

 Fix:
 Add a check to make sure there is sufficient space to access fixed members of xlog_op_header.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?3b9b0a98

https://nvd.nist.gov/vuln/detail/CVE-2024-41014

Plugin Details

Severity: High

ID: 296838

File Name: unity_linux_UTSA-2026-005100.nasl

Version: 1.1

Type: local

Published: 1/27/2026

Updated: 1/27/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C

CVSS Score Source: CVE-2024-41014

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 1/28/2026

Vulnerability Publication Date: 7/29/2024

Reference Information

CVE: CVE-2024-41014