Detections
Analytics

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013362)

medium Nessus Plugin ID 307918

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013362 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 PCI: Fix pci_device_is_present() for VFs by checking PF

 pci_device_is_present() previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead.

 Wei Gong reported that if virtio I/O is in progress when the driver is unbound or 0 is written to /sys/.../sriov_numvfs, the virtio I/O operation hangs, which may result in output like this:

 task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002 Call Trace:
 schedule+0x4f/0xc0 blk_mq_freeze_queue_wait+0x69/0xa0 blk_mq_freeze_queue+0x1b/0x20 blk_cleanup_queue+0x3d/0xd0 virtblk_remove+0x3c/0xb0 [virtio_blk] virtio_dev_remove+0x4b/0x80 ...
 device_unregister+0x1b/0x60 unregister_virtio_device+0x18/0x30 virtio_pci_remove+0x41/0x80 pci_device_remove+0x3e/0xb0

 This happened because pci_device_is_present(VF) returned false in virtio_pci_remove(), so it called virtio_break_device(). The broken vq meant that vring_interrupt() skipped the vq.callback() that would have completed the virtio I/O operation via virtblk_done().

 [bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?610340a2

http://www.nessus.org/u?3f652918

https://nvd.nist.gov/vuln/detail/CVE-2022-50636

Plugin Details

Severity: Medium

ID: 307918

File Name: unity_linux_UTSA-2026-013362.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-50636

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-50636