Detections
Analytics

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013000)

medium Nessus Plugin ID 307802

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013000 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 netlink: annotate lockless accesses to nlk->max_recvmsg_len

 syzbot reported a data-race in data-race in netlink_recvmsg() [1]

 Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs protection.

 [1] BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg

 read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0:
 netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline]
 __sys_recvfrom+0x1ee/0x2e0 net/socket.c:2194
 __do_sys_recvfrom net/socket.c:2212 [inline]
 __se_sys_recvfrom net/socket.c:2208 [inline]
 __x64_sys_recvfrom+0x78/0x90 net/socket.c:2208 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

 write to 0xffff888141840b38 of 8 bytes by task 23037 on cpu 1:
 netlink_recvmsg+0x114/0x730 net/netlink/af_netlink.c:1989 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline]
 ____sys_recvmsg+0x156/0x310 net/socket.c:2720
 ___sys_recvmsg net/socket.c:2762 [inline] do_recvmmsg+0x2e5/0x710 net/socket.c:2856
 __sys_recvmmsg net/socket.c:2935 [inline]
 __do_sys_recvmmsg net/socket.c:2958 [inline]
 __se_sys_recvmmsg net/socket.c:2951 [inline]
 __x64_sys_recvmmsg+0xe2/0x160 net/socket.c:2951 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

 value changed: 0x0000000000000000 -> 0x0000000000001000

 Reported by Kernel Concurrency Sanitizer on:
 CPU: 1 PID: 23037 Comm: syz-executor.2 Not tainted 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?45168b00

http://www.nessus.org/u?b13c4d60

https://nvd.nist.gov/vuln/detail/CVE-2023-53824

Plugin Details

Severity: Medium

ID: 307802

File Name: unity_linux_UTSA-2026-013000.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-53824

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2026

Vulnerability Publication Date: 5/3/2023

Reference Information

CVE: CVE-2023-53824