Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007302)

high Nessus Plugin ID 306925

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007302 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 nilfs2: fix OOB in nilfs_set_de_type

 The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as S_IFMT >> S_SHIFT, but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as (mode & S_IFMT) >> S_SHIFT.

 static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
 *inode) { umode_t mode = inode->i_mode;

 de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob }

 However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition mode & S_IFMT == S_IFMT is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?ad60d174

https://nvd.nist.gov/vuln/detail/CVE-2024-26981

Plugin Details

Severity: High

ID: 306925

File Name: unity_linux_UTSA-2026-007302.nasl

Version: 1.1

Type: Local

Published: 4/17/2026

Updated: 4/17/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-26981

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2026

Vulnerability Publication Date: 4/27/2024

Reference Information

CVE: CVE-2024-26981