Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005401)

medium Nessus Plugin ID 300594

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005401 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 scsi: target: iscsi: Fix timeout on deleted connection

 NOPIN response timer may expire on a deleted connection and crash with such logs:

 Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d

 BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace:
 iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860
 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410

 That is because nopin response timer may be re-started on nopin timer expiration.

 Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2025-38075

http://www.nessus.org/u?7d8af75b

http://www.nessus.org/u?56b3bbb3

Plugin Details

Severity: Medium

ID: 300594

File Name: unity_linux_UTSA-2026-005401.nasl

Version: 1.1

Type: local

Published: 3/4/2026

Updated: 3/4/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-38075

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/2/2026

Vulnerability Publication Date: 6/12/2025

Reference Information

CVE: CVE-2025-38075