Detections
Analytics

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011164)

low Nessus Plugin ID 308678

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011164 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 configfs: fix possible memory leak in configfs_create_dir()

 kmemleak reported memory leaks in configfs_create_dir():

 unreferenced object 0xffff888009f6af00 (size 192):
 comm modprobe, pid 3777, jiffies 4295537735 (age 233.784s) backtrace:
 kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273) new_fragment (./include/linux/slab.h:600 fs/configfs/dir.c:163) configfs_register_subsystem (fs/configfs/dir.c:1857) basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic do_one_initcall (init/main.c:1296) do_init_module (kernel/module/main.c:2455) ...

 unreferenced object 0xffff888003ba7180 (size 96):
 comm modprobe, pid 3777, jiffies 4295537735 (age 233.784s) backtrace:
 kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273) configfs_new_dirent (./include/linux/slab.h:723 fs/configfs/dir.c:194) configfs_make_dirent (fs/configfs/dir.c:248) configfs_create_dir (fs/configfs/dir.c:296) configfs_attach_group.isra.28 (fs/configfs/dir.c:816 fs/configfs/dir.c:852) configfs_register_subsystem (fs/configfs/dir.c:1881) basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic do_one_initcall (init/main.c:1296) do_init_module (kernel/module/main.c:2455) ...

 This is because the refcount is not correct in configfs_make_dirent().
 For normal stage, the refcount is changing as:

 configfs_register_subsystem() configfs_create_dir() configfs_make_dirent() configfs_new_dirent() # set s_count = 1 dentry->d_fsdata = configfs_get(sd); # s_count = 2 ...
 configfs_unregister_subsystem() configfs_remove_dir() remove_dir() configfs_remove_dirent() # s_count = 1 dput() ...
 *dentry_unlink_inode()* configfs_d_iput() # s_count = 0, release

 However, if we failed in configfs_create():

 configfs_register_subsystem() configfs_create_dir() configfs_make_dirent() # s_count = 2 ...
 configfs_create() # fail
 ->out_remove:
 configfs_remove_dirent(dentry) configfs_put(sd) # s_count = 1 return PTR_ERR(inode);

 There is no inode in the error path, so the configfs_d_iput() is lost and makes sd and fragment memory leaked.

 To fix this, when we failed in configfs_create(), manually call configfs_put(sd) to keep the refcount correct.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?6b45b243

http://www.nessus.org/u?6fea21ff

https://nvd.nist.gov/vuln/detail/CVE-2022-50751

Plugin Details

Severity: Low

ID: 308678

File Name: unity_linux_UTSA-2026-011164.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2022-50751

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-50751