Detections
Analytics

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011024)

high Nessus Plugin ID 308432

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011024 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 btrfs: always report error in run_one_delayed_ref()

 Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging.

 This patch will:

 - Add extra info for error reporting Including:
 * logical bytenr
 * num_bytes
 * type
 * action
 * ref_mod

 - Replace the btrfs_debug() with btrfs_err()

 - Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller.

 This error should only be triggered at most once.

 As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out:

 btrfs_run_delayed_refs() `- btrfs_run_delayed_refs() `- btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref()

 And we will abort the current transaction in btrfs_run_delayed_refs().
 If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?8e74ca7c

http://www.nessus.org/u?2adafc8f

https://nvd.nist.gov/vuln/detail/CVE-2022-49761

Plugin Details

Severity: High

ID: 308432

File Name: unity_linux_UTSA-2026-011024.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-49761

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-49761