Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007467)

medium Nessus Plugin ID 307182

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007467 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak

 Fix a KMSAN kernel-infoleak detected by the syzbot .

 [net?] KMSAN: kernel-infoleak in __skb_datagram_iter

 In tcf_ife_dump(), the variable 'opt' was partially initialized using a designatied initializer. While the padding bytes are reamined uninitialized. nla_put() copies the entire structure into a netlink message, these uninitialized bytes leaked to userspace.

 Initialize the structure with memset before assigning its fields to ensure all members and padding are cleared prior to beign copied.

 This change silences the KMSAN report and prevents potential information leaks from the kernel memory.

 This fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures no infoleak.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?368bbaa2

http://www.nessus.org/u?fba64f33

https://nvd.nist.gov/vuln/detail/CVE-2025-40278

Plugin Details

Severity: Medium

ID: 307182

File Name: unity_linux_UTSA-2026-007467.nasl

Version: 1.1

Type: Local

Published: 4/17/2026

Updated: 4/17/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2025-40278

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2026

Vulnerability Publication Date: 12/6/2025

Reference Information

CVE: CVE-2025-40278