The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3244 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3244-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     December 20, 2022                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-5.10     Version        : 5.10.158-2~deb10u1     CVE ID         : CVE-2021-3759 CVE-2022-3169 CVE-2022-3435 CVE-2022-3521                      CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3594                      CVE-2022-3628 CVE-2022-3640 CVE-2022-3643 CVE-2022-4139                      CVE-2022-4378 CVE-2022-41849 CVE-2022-41850 CVE-2022-42328                      CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-47518                      CVE-2022-47519 CVE-2022-47520 CVE-2022-47521     Debian Bug     : 1022806 1024697

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    CVE-2021-3759

        It was discovered that the memory cgroup controller did not         account for kernel memory allocated for IPC objects.  A local user         could use this for denial of service (memory exhaustion).

    CVE-2022-3169

        It was discovered that the NVMe host driver did not prevent a         concurrent reset and subsystem reset.  A local user with access to         an NVMe device could use this to cause a denial of service (device         disconnect or crash).

    CVE-2022-3435

        Gwangun Jung reported a flaw in the IPv4 forwarding subsystem         which would lead to an out-of-bounds read.  A local user with         CAP_NET_ADMIN capability in any user namespace could possibly         exploit this to cause a denial of service (crash).

    CVE-2022-3521

        The syzbot tool found a race condition in the KCM subsystem         which could lead to a crash.

        This subsystem is not enabled in Debian's official kernel         configurations.

    CVE-2022-3524

        The syzbot tool found a race condition in the IPv6 stack which         could lead to a memory leak.  A local user could exploit this to         cause a denial of service (memory exhaustion).

    CVE-2022-3564

        A flaw was discovered in the Bluetooh L2CAP subsystem which         would lead to a use-after-free.  This might be exploitable         to cause a denial of service (crash or memory corruption) or         possibly for privilege escalation.

    CVE-2022-3565

        A flaw was discovered in the mISDN driver which would lead to a         use-after-free.  This might be exploitable to cause a denial of         service (crash or memory corruption) or possibly for privilege         escalation.

    CVE-2022-3594

        Andrew Gaul reported that the r8152 Ethernet driver would log         excessive numbers of messages in response to network errors.  A         remote attacker could possibly exploit this to cause a denial of         service (resource exhaustion).

    CVE-2022-3628

        Dokyung Song, Jisoo Jang, and Minsuk Kang reported a potential         heap-based buffer overflow in the brcmfmac Wi-Fi driver.  A user         able to connect a malicious USB device could exploit this to cause         a denial of service (crash or memory corruption) or possibly for         privilege escalation.

    CVE-2022-3640

        A flaw was discovered in the Bluetooh L2CAP subsystem which         would lead to a use-after-free.  This might be exploitable         to cause a denial of service (crash or memory corruption) or         possibly for privilege escalation.

    CVE-2022-3643 (XSA-423)

        A flaw was discovered in the Xen network backend driver that would         result in it generating malformed packet buffers.  If these         packets were forwarded to certain other network devices, a Xen         guest could exploit this to cause a denial of service (crash or         device reset).

    CVE-2022-4139

        A flaw was discovered in the i915 graphics driver.  On gen12 Xe         GPUs it failed to flush TLBs when necessary, resulting in GPU         programs retaining access to freed memory.  A local user with         access to the GPU could exploit this to leak sensitive         information, cause a denial of service (crash or memory         corruption) or likely for privilege escalation.

    CVE-2022-4378

        Kyle Zeng found a flaw in procfs that would cause a stack-based         buffer overflow.  A local user permitted to write to a sysctl         could use this to cause a denial of service (crash or memory         corruption) or possibly for privilege escalation.

    CVE-2022-41849

        A race condition was discovered in the smscufx graphics driver,         which could lead to a use-after-free.  A user able to remove the         physical device while also accessing its device node could exploit         this to cause a denial of service (crash or memory corruption) or         possibly for privilege escalation.

    CVE-2022-41850

        A race condition was discovered in the hid-roccat input driver,         which could lead to a use-after-free.  A local user able to access         such a device could exploit this to cause a denial of service         (crash or memory corruption) or possibly for privilege escalation.

    CVE-2022-42328, CVE-2022-42329 (XSA-424)

        Yang Yingliang reported that the Xen network backend driver did         not use the proper function to free packet buffers in one case,         which could lead to a deadlock.  A Xen guest could exploit this to         cause a denial of service (hang).

    CVE-2022-42895

        Tams Koczka reported a flaw in the Bluetooh L2CAP subsystem         that would result in reading uninitialised memory.  A nearby         attacker able to make a Bluetooth connection could exploit         this to leak sensitive information.

    CVE-2022-42896

        Tams Koczka reported flaws in the Bluetooh L2CAP subsystem that         can lead to a use-after-free.  A nearby attacker able to make a         Bluetooth SMP connection could exploit this to cause a denial of         service (crash or memory corruption) or possibly for remote code         execution.

    CVE-2022-47518, CVE-2022-47519, CVE-2022-47521

        Several flaws were discovered in the wilc1000 Wi-Fi driver which         could lead to a heap-based buffer overflow.  A nearby attacker         could exploit these for denial of service (crash or memory         corruption) or possibly for remote code execution.

    CVE-2022-47520

        A flaw was discovered in the wilc1000 Wi-Fi driver which could         lead to a heap-based buffer overflow.  A local user with         CAP_NET_ADMIN capability over such a Wi-Fi device could exploit         this for denial of service (crash or memory corruption) or         possibly for privilege escalation.

    For Debian 10 buster, these problems have been fixed in version     5.10.158-2~deb10u1.

    We recommend that you upgrade your linux-5.10 packages.

    For the detailed security status of linux-5.10 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-5.10

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

    --     Ben Hutchings - Debian developer, member of kernel, installer and LTS     teams     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3244 : linux-config-5.10 - security update

high Nessus Plugin ID 169293

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jan 22, 2025, 5:44 PM CVE (set "CVE" coverage to "CVE-2021-3759,CVE-2022-3169,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3564,CVE-2022-3565,CVE-2022-3594,CVE-2022-3628,CVE-2022-3640,CVE-2022-3643,CVE-2022-4139,CVE-2022-4378,CVE-2022-41849,CVE-2022-41850,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-47518,CVE-2022-47519,CVE-2022-47520,CVE-2022-47521") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501221744
Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Sep 12, 2023, 4:12 PM CVSS metrics ("CVSSv2 score" changed from 10.0 to 8.3. "CVSSv3 score" changed from 10.0 to 8.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" to "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2022-3643" to "CVE-2022-42896") CVSSv3 score source (set to "CVE-2022-42896") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309121612
Version 1.0 Dec 24, 2022, 1:47 PM New Plugin Feed: 202212241347