Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007604)

medium Nessus Plugin ID 307094

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007604 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

 Patch series nilfs2: fix null-ptr-deref bugs on block tracepoints.

 This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints.


 This patch (of 2):

 It has been reported that when using block:block_touch_buffer tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled.

 This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller.

 Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place.

 So this solves the issue by eliminating the touch_buffer() call itself.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?e173ca75

https://nvd.nist.gov/vuln/detail/CVE-2024-53131

Plugin Details

Severity: Medium

ID: 307094

File Name: unity_linux_UTSA-2026-007604.nasl

Version: 1.1

Type: Local

Published: 4/17/2026

Updated: 4/17/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-53131

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2026

Vulnerability Publication Date: 12/4/2024

Reference Information

CVE: CVE-2024-53131