Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013097)

high Nessus Plugin ID 307771

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013097 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto

 syzbot reported a possible shift-out-of-bounds [1]

 Blamed commit added rto_alpha_max and rto_beta_max set to 1000.

 It is unclear if some sctp users are setting very large rto_alpha and/or rto_beta.

 In order to prevent user regression, perform the test at run time.

 Also add READ_ONCE() annotations as sysctl values can change under us.

 [1]

 UBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41 shift exponent 64 is too large for 32-bit type 'unsigned int' CPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:233 [inline]
 __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494 sctp_transport_update_rto.cold+0x1c/0x34b net/sctp/transport.c:509 sctp_check_transmitted+0x11c4/0x1c30 net/sctp/outqueue.c:1502 sctp_outq_sack+0x4ef/0x1b20 net/sctp/outqueue.c:1338 sctp_cmd_process_sack net/sctp/sm_sideeffect.c:840 [inline] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1372 [inline]

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?bb575d87

http://www.nessus.org/u?6e0db545

https://nvd.nist.gov/vuln/detail/CVE-2025-40281

Plugin Details

Severity: High

ID: 307771

File Name: unity_linux_UTSA-2026-013097.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-40281

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2026

Vulnerability Publication Date: 12/6/2025

Reference Information

CVE: CVE-2025-40281