Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006744)

medium Nessus Plugin ID 305474

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006744 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: ctnetlink: fix refcount leak on table dump

 There is a reference count leak in ctnetlink_dump_table():
 if (res < 0) { nf_conntrack_get(&ct->ct_general); // HERE cb->args[1] = (unsigned long)ct;
 ...

 While its very unlikely, its possible that ct == last.
 If this happens, then the refcount of ct was already incremented.
 This 2nd increment is never undone.

 This prevents the conntrack object from being released, which in turn keeps prevents cnet->count from dropping back to 0.

 This will then block the netns dismantle (or conntrack rmmod) as nf_conntrack_cleanup_net_list() will wait forever.

 This can be reproduced by running conntrack_resize.sh selftest in a loop.
 It takes ~20 minutes for me on a preemptible kernel on average before I see a runaway kworker spinning in nf_conntrack_cleanup_net_list.

 One fix would to change this to:
 if (res < 0) { if (ct != last) nf_conntrack_get(&ct->ct_general);

 But this reference counting isn't needed in the first place.
 We can just store a cookie value instead.

 A followup patch will do the same for ctnetlink_exp_dump_table, it looks to me as if this has the same problem and like ctnetlink_dump_table, we only need a 'skip hint', not the actual object so we can apply the same cookie strategy there as well.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?fafe93c6

http://www.nessus.org/u?adb91ab4

https://nvd.nist.gov/vuln/detail/CVE-2025-38721

Plugin Details

Severity: Medium

ID: 305474

File Name: unity_linux_UTSA-2026-006744.nasl

Version: 1.1

Type: Local

Published: 4/8/2026

Updated: 4/8/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-38721

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/8/2026

Vulnerability Publication Date: 6/10/2025

Reference Information

CVE: CVE-2025-38721