Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013294)

high Nessus Plugin ID 307988

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013294 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

 The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected.

 At the end of nilfs_segctor_thread(), it assigns NULL to sc_task member of struct nilfs_sc_info to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this using waitqueue sc_wait_task on the struct nilfs_sc_info.

 However, here, immediately after the NULL assignment to sc_task, it is possible that nilfs_segctor_kill_thread() will detect it and return to continue the deallocation, freeing the nilfs_sc_info structure before the thread does the notification.

 This fixes the issue by protecting the NULL assignment to sc_task and its notification, with spinlock sc_state_lock of the struct nilfs_sc_info. Since nilfs_segctor_kill_thread() does a final check to see if sc_task is NULL with sc_state_lock locked, this can eliminate the race.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?cead821e

http://www.nessus.org/u?3708f268

https://nvd.nist.gov/vuln/detail/CVE-2023-53608

Plugin Details

Severity: High

ID: 307988

File Name: unity_linux_UTSA-2026-013294.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-53608

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2023-53608