Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011222)

medium Nessus Plugin ID 308920

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011222 advisory.

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix memory leak in ocfs2_mount_volume()

There is a memory leak reported by kmemleak:

unreferenced object 0xffff88810cc65e60 (size 32):
  comm mount.ocfs2, pid 23753, jiffies 4302528942 (age 34735.105s)
  hex dump (first 32 bytes):
    10 00 00 00 00 00 00 00 00 01 01 01 01 01 01 01 ................
    01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<ffffffff8170f73d>] __kmalloc+0x4d/0x150
    [<ffffffffa0ac3f51>] ocfs2_compute_replay_slots+0x121/0x330 [ocfs2]
    [<ffffffffa0b65165>] ocfs2_check_volume+0x485/0x900 [ocfs2]
    [<ffffffffa0b68129>] ocfs2_mount_volume.isra.0+0x1e9/0x650 [ocfs2]
    [<ffffffffa0b7160b>] ocfs2_fill_super+0xe0b/0x1740 [ocfs2]
    [<ffffffff818e1fe2>] mount_bdev+0x312/0x400
    [<ffffffff819a086d>] legacy_get_tree+0xed/0x1d0
    [<ffffffff818de82d>] vfs_get_tree+0x7d/0x230
    [<ffffffff81957f92>] path_mount+0xd62/0x1760
    [<ffffffff81958a5a>] do_mount+0xca/0xe0
    [<ffffffff81958d3c>] __x64_sys_mount+0x12c/0x1a0
    [<ffffffff82f26f15>] do_syscall_64+0x35/0x80
    [<ffffffff8300006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

This call stack is related to two problems. Firstly, the ocfs2 super uses replay_map to trace online/offline slots, in order to recover offline slots during recovery and mount. But when ocfs2_truncate_log_init() returns an error in ocfs2_mount_volume(), the memory of replay_map will not be freed in the error handling path. Secondly, the memory of replay_map will not be freed if d_make_root() returns an error in ocfs2_fill_super(). But the memory of replay_map will be freed normally when completing recovery and mount in ocfs2_complete_mount_recovery().

Fix the first problem by adding an error handling path to free replay_map when ocfs2_truncate_log_init() fails. And fix the second problem by calling ocfs2_free_replay_slots(osb) in the error handling path out_dismount. In addition, since ocfs2_free_replay_slots() is static, it is necessary to remove its static attribute and declare it in the header file.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
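
The first problem in the description above, reduced to a userspace C model as an added example (not the ocfs2 source and not code from the advisory): a later mount step fails and the function returns without freeing replay_map, while the corrected version unwinds through a cleanup label. struct model_osb, the function names, the out_replay_map label and the -5 status are hypothetical stand-ins; the 32-byte size is taken from the kmemleak report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name here is a hypothetical stand-in. */
struct model_osb { unsigned char *replay_map; };
static int live_allocs;               /* replay_map buffers not yet freed */

static int compute_replay_slots(struct model_osb *osb) {
    osb->replay_map = calloc(1, 32);  /* 32 bytes, as in the kmemleak report */
    if (!osb->replay_map) return -1;
    live_allocs++;
    return 0;
}

static void free_replay_slots(struct model_osb *osb) {
    if (osb->replay_map) { free(osb->replay_map); live_allocs--; }
    osb->replay_map = NULL;
}

/* Before: a failing later step returns while replay_map is still allocated. */
int mount_volume_leaky(struct model_osb *osb, int later_step_status) {
    int status = compute_replay_slots(osb);
    if (status < 0) return status;
    if (later_step_status < 0) return later_step_status;  /* leak */
    return 0;
}

/* After: the failure path unwinds through a label that frees replay_map. */
int mount_volume_fixed(struct model_osb *osb, int later_step_status) {
    int status = compute_replay_slots(osb);
    if (status < 0) return status;
    status = later_step_status;
    if (status < 0) goto out_replay_map;
    return 0;
out_replay_map:
    free_replay_slots(osb);
    return status;
}

/* Runs one failed mount (constructed status -5) and counts what it left behind. */
int leaked_after_failed_mount(int (*mount_fn)(struct model_osb *, int)) {
    struct model_osb osb = { 0 };
    int before = live_allocs;
    mount_fn(&osb, -5);
    int leaked = live_allocs - before;
    free_replay_slots(&osb);          /* tidy up so the model itself stays clean */
    return leaked;
}

int main(void) {
    printf("leaky: %d\n", leaked_after_failed_mount(mount_volume_leaky));
    printf("fixed: %d\n", leaked_after_failed_mount(mount_volume_fixed));
    return 0;
}
```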

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?5d2af762

http://www.nessus.org/u?a90a0a59

https://nvd.nist.gov/vuln/detail/CVE-2022-50770

Plugin Details

Severity: Medium

ID: 308920

File Name: unity_linux_UTSA-2026-011222.nasl

Version: 1.1

Type: Local

Published: 4/21/2026

Updated: 4/21/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:C

CVSS Score Source: CVE-2022-50770

CVSS v3

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.9

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/UOS-Server/release, Host/UOS-Server/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-50770