Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013060)

medium Nessus Plugin ID 307740

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013060 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 usb: gadget: f_eem: Fix memory leak in eem_unwrap

 The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks.

 Improve error handling to free all allocated resources on usb_ep_queue failure. This patch continues to use goto logic for error handling, as the existing error handling is complex and not easily adaptable to auto-cleanup helpers.

 kmemleak results:
 unreferenced object 0xffffff895a512300 (size 240):
 backtrace:
 slab_post_alloc_hook+0xbc/0x3a4 kmem_cache_alloc+0x1b4/0x358 skb_clone+0x90/0xd8 eem_unwrap+0x1cc/0x36c unreferenced object 0xffffff8a157f4000 (size 256):
 backtrace:
 slab_post_alloc_hook+0xbc/0x3a4
 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 dwc3_gadget_ep_alloc_request+0x58/0x11c usb_ep_alloc_request+0x40/0xe4 eem_unwrap+0x204/0x36c unreferenced object 0xffffff8aadbaac00 (size 128):
 backtrace:
 slab_post_alloc_hook+0xbc/0x3a4
 __kmem_cache_alloc_node+0x1b4/0x2dc
 __kmalloc+0x64/0x1a8 eem_unwrap+0x218/0x36c unreferenced object 0xffffff89ccef3500 (size 64):
 backtrace:
 slab_post_alloc_hook+0xbc/0x3a4
 __kmem_cache_alloc_node+0x1b4/0x2dc kmalloc_trace+0x48/0x140 eem_unwrap+0x238/0x36c

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?e58ddbf4

http://www.nessus.org/u?fbd2561e

https://nvd.nist.gov/vuln/detail/CVE-2025-68289

Plugin Details

Severity: Medium

ID: 307740

File Name: unity_linux_UTSA-2026-013060.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-68289

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2026

Vulnerability Publication Date: 12/9/2025

Reference Information

CVE: CVE-2025-68289