Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013191)

medium Nessus Plugin ID 308025

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013191 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 bpf: Address KCSAN report on bpf_lru_list

 KCSAN reported a data-race when accessing node->ref.
 Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() pattern instead of data_race().

 There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().
 This patch also adds bpf_lru_node_clear_ref() to do the WRITE_ONCE(node->ref, 0) also.

 ================================================================== BUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem

 write to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:
 __bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]
 __bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]
 __bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240 bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline] bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline] bpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499 prealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]
 __htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316 bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313 bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687 bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
 __sys_bpf+0x338/0x810
 __do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

 read to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:
 bpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]
 __htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332 bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313 bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687 bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
 __sys_bpf+0x338/0x810
 __do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

 value changed: 0x01 -> 0x00

 Reported by Kernel Concurrency Sanitizer on:
 CPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 ==================================================================

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?4d799285

http://www.nessus.org/u?ebc6e777

https://nvd.nist.gov/vuln/detail/CVE-2023-54283

Plugin Details

Severity: Medium

ID: 308025

File Name: unity_linux_UTSA-2026-013191.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:C

CVSS Score Source: CVE-2023-54283

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/21/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2023-54283