Detections
Analytics

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011255)

medium Nessus Plugin ID 308437

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011255 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 skbuff: Fix a race between coalescing and releasing SKBs

 Commit 1effe8ca4e34 (skbuff: fix coalescing for page_pool fragment recycling) allowed coalescing to proceed with non page pool page and page pool page when @from is cloned, i.e.

 to->pp_recycle --> false from->pp_recycle --> true skb_cloned(from) --> true

 However, it actually requires skb_cloned(@from) to hold true until coalescing finishes in this situation. If the other cloned SKB is released while the merging is in process, from_shinfo->nr_frags will be set to 0 toward the end of the function, causing the increment of frag page _refcount to be unexpectedly skipped resulting in inconsistent reference counts. Later when SKB(@to) is released, it frees the page directly even though the page pool page is still in use, leading to use-after-free or double-free errors. So it should be prohibited.

 The double-free error message below prompted us to investigate:
 BUG: Bad page state in process swapper/1 pfn:0e0d1 page:00000000c6548b28 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xe0d1 flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) raw: 000fffffc0000000 0000000000000000 ffffffff00000101 0000000000000000 raw: 0000000000000002 0000000000000000 ffffffffffffffff 0000000000000000 page dumped because: nonzero _refcount

 CPU: 1 PID: 0 Comm: swapper/1 Tainted: G E 6.2.0+ Call Trace:
 <IRQ> dump_stack_lvl+0x32/0x50 bad_page+0x69/0xf0 free_pcp_prepare+0x260/0x2f0 free_unref_page+0x20/0x1c0 skb_release_data+0x10b/0x1a0 napi_consume_skb+0x56/0x150 net_rx_action+0xf0/0x350 ? __napi_schedule+0x79/0x90
 __do_softirq+0xc8/0x2b1
 __irq_exit_rcu+0xb9/0xf0 common_interrupt+0x82/0xa0 </IRQ> <TASK> asm_common_interrupt+0x22/0x40 RIP: 0010:default_idle+0xb/0x20

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?3c0477c6

http://www.nessus.org/u?5082f53f

https://nvd.nist.gov/vuln/detail/CVE-2023-53186

Plugin Details

Severity: Medium

ID: 308437

File Name: unity_linux_UTSA-2026-011255.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.8

Temporal Score: 2.8

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2023-53186

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2026

Vulnerability Publication Date: 5/3/2023

Reference Information

CVE: CVE-2023-53186