Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010782)

medium Nessus Plugin ID 308387

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010782 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 seccomp: Move copy_seccomp() to no failure path.

 Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the report [1]. It shows that we miss freeing struct seccomp_filter and some objects included in it.

 We can reproduce the issue with the program below [2] which calls one seccomp() and two clone() syscalls.

 The first clone()d child exits earlier than its parent and sends a signal to kill it during the second clone(), more precisely before the fatal_signal_pending() test in copy_process(). When the parent receives the signal, it has to destroy the embryonic process and return -EINTR to user space. In the failure path, we have to call seccomp_filter_release() to decrement the filter's refcount.

 Initially, we called it in free_task() called from the failure path, but the commit 3a15fb6ed92c (seccomp: release filter after task is fully dead) moved it to release_task() to notify user space as early as possible that the filter is no longer used.

 To keep the change and current seccomp refcount semantics, let's move copy_seccomp() just after the signal check and add a WARN_ON_ONCE() in free_task() for future debugging.

 [0]:
 unreferenced object 0xffff8880063add00 (size 256):
 comm repro_seccomp, pid 230, jiffies 4294687090 (age 9.914s) hex dump (first 32 bytes):
 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
 backtrace:
 do_seccomp (./include/linux/slab.h:600 ./include/linux/slab.h:733 kernel/seccomp.c:666 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffffc90000035000 (size 4096):
 comm repro_seccomp, pid 230, jiffies 4294687090 (age 9.915s) hex dump (first 32 bytes):
 01 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 ................
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
 backtrace:
 __vmalloc_node_range (mm/vmalloc.c:3226)
 __vmalloc_node (mm/vmalloc.c:3261 (discriminator 4)) bpf_prog_alloc_no_stats (kernel/bpf/core.c:91) bpf_prog_alloc (kernel/bpf/core.c:129) bpf_prog_create_from_user (net/core/filter.c:1414) do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffff888003fa1000 (size 1024):
 comm repro_seccomp, pid 230, jiffies 4294687090 (age 9.915s) hex dump (first 32 bytes):
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
 backtrace:
 bpf_prog_alloc_no_stats (./include/linux/slab.h:600 ./include/linux/slab.h:733 kernel/bpf/core.c:95) bpf_prog_alloc (kernel/bpf/core.c:129) bpf_prog_create_from_user (net/core/filter.c:1414) do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffff888006360240 (size 16):
 comm repro_seccomp, pid 230, jiffies 4294687090 (age 9.915s) hex dump (first 16 bytes):
 01 00 37 00 76 65 72 6c e0 83 01 06 80 88 ff ff ..7.verl........
 backtrace:
 bpf_prog_store_orig_filter (net/core/filter.c:1137) bpf_prog_create_from_user (net/core/filter.c:1428) do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffff888
 ---truncated---

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?567cddc6

http://www.nessus.org/u?9b7fb9d3

https://nvd.nist.gov/vuln/detail/CVE-2022-50661

Plugin Details

Severity: Medium

ID: 308387

File Name: unity_linux_UTSA-2026-010782.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-50661

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-50661