Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007222)

medium Nessus Plugin ID 306891

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007222 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 vsock/virtio: free queued packets when closing socket

 As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b (vsock/virtio: free packets during the socket release), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work.

 To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock().

 [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?2a333879

http://www.nessus.org/u?4b989dd4

https://nvd.nist.gov/vuln/detail/CVE-2021-47024

Plugin Details

Severity: Medium

ID: 306891

File Name: unity_linux_UTSA-2026-007222.nasl

Version: 1.1

Type: Local

Published: 4/17/2026

Updated: 4/17/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2021-47024

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2026

Vulnerability Publication Date: 1/28/2022

Reference Information

CVE: CVE-2021-47024