The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5161 advisory.

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation,     denial of service or information leaks. CVE-2022-0494 The scsi_ioctl() was susceptible to an information     leak only exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities. CVE-2022-0854 Ali Haider     discovered a potential information leak in the DMA subsystem. On systems where the swiotlb feature is     needed, this might allow a local user to read sensitive information. CVE-2022-1012 The randomisation when     calculating port offsets in the IP implementation was enhanced. CVE-2022-1729 Norbert Slusarek discovered     a race condition in the perf subsystem which could result in local privilege escalation to root. The     default settings in Debian prevent exploitation unless more permissive settings have been applied in the     kernel.perf_event_paranoid sysctl. CVE-2022-1786 Kyle Zeng discovered a use-after-free in the io_uring     subsystem which way result in local privilege escalation to root. CVE-2022-1789 / CVE-2022-1852 Yongkang     Jia, Gaoning Pan and Qiuhao Li discovered two NULL pointer dereferences in KVM's CPU instruction handling,     resulting in denial of service. CVE-2022-1966 Aaron Adams discovered a use-after-free in Netfilter which     may result in local privilege escalation to root. CVE-2022-1972 Ziming Zhang discovered an out-of-bound     write in Netfilter which may result in local privilege escalation to root. CVE-2022-1974 / CVE-2022-1975     Duoming Zhou discovered that the NFC netlink interface was suspectible to denial of service.
    CVE-2022-21499 It was discovered that the kernel debugger could be used to bypass UEFI Secure Boot     restrictions. CVE-2022-28893 Felix Fu discovered a use-after-free in the implementation of the Remote     Procedure Call (SunRPC) protocol, which could result in denial of service or an information leak. For the     stable distribution (bullseye), these problems have been fixed in version 5.10.120-1. We recommend that     you upgrade your linux packages. For the detailed security status of linux please refer to its security     tracker page at: https://security-tracker.debian.org/tracker/linux

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5161-1 : linux - security update

high Nessus Plugin ID 162159

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.7

Version 1.6

Version 1.6

Version 1.5

Version 1.10 Jan 24, 2025, 9:25 PM CVE (set "CVE" coverage to "CVE-2022-0494,CVE-2022-0854,CVE-2022-1012,CVE-2022-1729,CVE-2022-1786,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1975,CVE-2022-21499,CVE-2022-28893") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501242125
Version 1.9 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.8 Jan 16, 2024, 5:39 PM CVE (Removed rejected CVE) Plugin Feed: 202401161739
Version 1.7 Oct 20, 2023, 5:46 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310201746
Version 1.7 Jan 16, 2024, 3:43 PM CVE (Removed rejected CVE) Plugin Feed: 202401161543
Version 1.6 Mar 23, 2023, 8:46 PM Plugin requirements Plugin Feed: 202303232046
Version 1.6 Oct 20, 2023, 3:51 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310201551
Version 1.5 Oct 3, 2022, 3:58 PM CVSS metrics Plugin Feed: 202210031558