Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005462)

medium Nessus Plugin ID 300850

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005462 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 nfsd: call op_release, even when op_func returns an error

 For ops with trivial replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status.
 One of the things it skips is calling op_release. This could cause a memory leak in the layoutget codepath if there is an error at an inopportune time.

 Have the compound processing engine always call op_release, even when op_func sets an error in op->status. With this change, we also need nfsd4_block_get_device_info_scsi to set the gd_device pointer to NULL on error to avoid a double free.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?a0857c2a

http://www.nessus.org/u?5417c14a

https://nvd.nist.gov/vuln/detail/CVE-2023-53241

Plugin Details

Severity: Medium

ID: 300850

File Name: unity_linux_UTSA-2026-005462.nasl

Version: 1.1

Type: local

Published: 3/5/2026

Updated: 3/5/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2023-53241

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/2/2026

Vulnerability Publication Date: 5/3/2023

Reference Information

CVE: CVE-2023-53241