Detections
Analytics

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021525)

medium Nessus Plugin ID 315867

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021525 advisory.

 In the Linux kernel, the following vulnerability has been resolved:

 scsi: target: iscsi: Fix a race condition between login_work and the login thread

 In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk_data_ready() callback will schedule the login_work and, at the same time, the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are required to complete the login).

 The login has been completed but the login_work function will find the LOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling itself; at this point, if the initiator drops the connection, the iscsit_conn structure will be freed, login_work will dereference a released socket structure and the kernel crashes.

 BUG: kernel NULL pointer dereference, address: 0000000000000230 PF: supervisor write access in kernel mode PF: error_code(0x0002) - not-present page Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod] RIP: 0010:_raw_read_lock_bh+0x15/0x30 Call trace:
 iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod] process_one_work+0x1e8/0x3c0

 Fix this bug by forcing login_work to stop after the login has been completed and the socket callbacks have been restored.

 Add a comment to clearify the return values of iscsi_target_do_login()

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

http://www.nessus.org/u?e0af89dd

http://www.nessus.org/u?3cdd2b86

https://nvd.nist.gov/vuln/detail/CVE-2022-50350

Plugin Details

Severity: Medium

ID: 315867

File Name: unity_linux_UTSA-2026-021525.nasl

Version: 1.1

Type: Local

Published: 5/20/2026

Updated: 5/20/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.8

Temporal Score: 2.8

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-50350

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/21/2026

Vulnerability Publication Date: 9/16/2025

Reference Information

CVE: CVE-2022-50350