Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006753)

medium Nessus Plugin ID 305552

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006753 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 sctp: initialize more fields in sctp_v6_from_sk()

 syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior.

 Clear sin6_scope_id and sin6_flowinfo.

 BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
 __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983 sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390 sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452 sctp_get_port net/sctp/socket.c:8523 [inline] sctp_listen_start net/sctp/socket.c:8567 [inline] sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636
 __sys_listen_socket net/socket.c:1912 [inline]
 __sys_listen net/socket.c:1927 [inline]
 __do_sys_listen net/socket.c:1932 [inline]
 __se_sys_listen net/socket.c:1930 [inline]
 __x64_sys_listen+0x343/0x4c0 net/socket.c:1930 x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f

 Local variable addr.i.i created at:
 sctp_get_port net/sctp/socket.c:8515 [inline] sctp_listen_start net/sctp/socket.c:8567 [inline] sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636
 __sys_listen_socket net/socket.c:1912 [inline]
 __sys_listen net/socket.c:1927 [inline]
 __do_sys_listen net/socket.c:1932 [inline]
 __se_sys_listen net/socket.c:1930 [inline]
 __x64_sys_listen+0x343/0x4c0 net/socket.c:1930

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?d6cb8de4

http://www.nessus.org/u?7df714ef

https://nvd.nist.gov/vuln/detail/CVE-2025-39812

Plugin Details

Severity: Medium

ID: 305552

File Name: unity_linux_UTSA-2026-006753.nasl

Version: 1.1

Type: Local

Published: 4/8/2026

Updated: 4/8/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-39812

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/8/2026

Vulnerability Publication Date: 9/16/2025

Reference Information

CVE: CVE-2025-39812