The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3245 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3245-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     December 21, 2022                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux     Version        : 4.19.269-1     CVE ID         : CVE-2022-2978 CVE-2022-3521 CVE-2022-3524 CVE-2022-3564                      CVE-2022-3565 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628                      CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649                      CVE-2022-4378 CVE-2022-20369 CVE-2022-29901 CVE-2022-40768                      CVE-2022-41849 CVE-2022-41850 CVE-2022-42328 CVE-2022-42329                      CVE-2022-42895 CVE-2022-42896 CVE-2022-43750

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    CVE-2022-2978

        butt3rflyh4ck, Hao Sun, and Jiacheng Xu reported a flaw in the         nilfs2 filesystem driver which can lead to a use-after-free.  A         local use might be able to exploit this to cause a denial of         service (crash or memory corruption) or possibly for privilege         escalation.

    CVE-2022-3521

        The syzbot tool found a race condition in the KCM subsystem         which could lead to a crash.

        This subsystem is not enabled in Debian's official kernel         configurations.

    CVE-2022-3524

        The syzbot tool found a race condition in the IPv6 stack which         could lead to a memory leak.  A local user could exploit this to         cause a denial of service (memory exhaustion).

    CVE-2022-3564

        A flaw was discovered in the Bluetooh L2CAP subsystem which         would lead to a use-after-free.  This might be exploitable         to cause a denial of service (crash or memory corruption) or         possibly for privilege escalation.

    CVE-2022-3565

        A flaw was discovered in the mISDN driver which would lead to a         use-after-free.  This might be exploitable to cause a denial of         service (crash or memory corruption) or possibly for privilege         escalation.

    CVE-2022-3594

        Andrew Gaul reported that the r8152 Ethernet driver would log         excessive numbers of messages in response to network errors.  A         remote attacker could possibly exploit this to cause a denial of         service (resource exhaustion).

    CVE-2022-3621, CVE-2022-3646

        The syzbot tool found flaws in the nilfs2 filesystem driver which         can lead to a null pointer dereference or memory leak.  A user         permitted to mount arbitrary filesystem images could use these to         cause a denial of service (crash or resource exhaustion).

    CVE-2022-3628

        Dokyung Song, Jisoo Jang, and Minsuk Kang reported a potential         heap-based buffer overflow in the brcmfmac Wi-Fi driver.  A user         able to connect a malicious USB device could exploit this to cause         a denial of service (crash or memory corruption) or possibly for         privilege escalation.

    CVE-2022-3640

        A flaw was discovered in the Bluetooh L2CAP subsystem which         would lead to a use-after-free.  This might be exploitable         to cause a denial of service (crash or memory corruption) or         possibly for privilege escalation.

    CVE-2022-3643 (XSA-423)

        A flaw was discovered in the Xen network backend driver that would         result in it generating malformed packet buffers.  If these         packets were forwarded to certain other network devices, a Xen         guest could exploit this to cause a denial of service (crash or         device reset).

    CVE-2022-3649

        The syzbot tool found flaws in the nilfs2 filesystem driver which         can lead to a use-after-free.  A user permitted to mount arbitrary         filesystem images could use these to cause a denial of service         (crash or memory corruption) or possibly for privilege escalation.

    CVE-2022-4378

        Kyle Zeng found a flaw in procfs that would cause a stack-based         buffer overflow.  A local user permitted to write to a sysctl         could use this to cause a denial of service (crash or memory         corruption) or possibly for privilege escalation.

    CVE-2022-20369

        A flaw was found in the v4l2-mem2mem media driver that would lead         to an out-of-bounds write.  A local user with access to such a         device could exploit this for privilege escalation.

    CVE-2022-29901

        Johannes Wikner and Kaveh Razavi reported that for Intel         processors (Intel Core generation 6, 7 and 8), protections against         speculative branch target injection attacks were insufficient in         some circumstances, which may allow arbitrary speculative code         execution under certain microarchitecture-dependent conditions.

        More information can be found at         https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-     guidance/advisory-guidance/return-stack-buffer-underflow.html

    CVE-2022-40768

        hdthky reported that the stex SCSI adapter driver did not fully         initialise a structure that is copied to user-space.  A local user         with access to such a device could exploit this to leak sensitive         information.

    CVE-2022-41849

        A race condition was discovered in the smscufx graphics driver,         which could lead to a use-after-free.  A user able to remove the         physical device while also accessing its device node could exploit         this to cause a denial of service (crash or memory corruption) or         possibly for privilege escalation.

    CVE-2022-41850

        A race condition was discovered in the hid-roccat input driver,         which could lead to a use-after-free.  A local user able to access         such a device could exploit this to cause a denial of service         (crash or memory corruption) or possibly for privilege escalation.

    CVE-2022-42328, CVE-2022-42329 (XSA-424)

        Yang Yingliang reported that the Xen network backend driver did         not use the proper function to free packet buffers in one case,         which could lead to a deadlock.  A Xen guest could exploit this to         cause a denial of service (hang).

    CVE-2022-42895

        Tams Koczka reported a flaw in the Bluetooh L2CAP subsystem         that would result in reading uninitialised memory.  A nearby         attacker able to make a Bluetooth connection could exploit         this to leak sensitive information.

    CVE-2022-42896

        Tams Koczka reported flaws in the Bluetooh L2CAP subsystem that         can lead to a use-after-free.  A nearby attacker able to make a         Bluetooth SMP connection could exploit this to cause a denial of         service (crash or memory corruption) or possibly for remote code         execution.

    CVE-2022-43750

        The syzbot tool found that the USB monitor (usbmon) driver allowed         user-space programs to overwrite the driver's data structures.  A         local user permitted to access a USB monitor device could exploit         this to cause a denial of service (memory corruption or crash) or         possibly for privilege escalation.  However, by default only the         root user can access such devices.

    For Debian 10 buster, these problems have been fixed in version     4.19.269-1.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

    --     Ben Hutchings - Debian developer, member of kernel, installer and LTS     teams     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3245 : hyperv-daemons - security update

high Nessus Plugin ID 169294

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jan 22, 2025, 5:44 PM CVE (set "CVE" coverage to "CVE-2022-2978,CVE-2022-3521,CVE-2022-3524,CVE-2022-3564,CVE-2022-3565,CVE-2022-3594,CVE-2022-3621,CVE-2022-3628,CVE-2022-3640,CVE-2022-3643,CVE-2022-3646,CVE-2022-3649,CVE-2022-4378,CVE-2022-20369,CVE-2022-29901,CVE-2022-40768,CVE-2022-41849,CVE-2022-41850,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-43750") CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (changed from "CVE-2022-4232" to "CVE-2022-42896") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501221744
Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Sep 12, 2023, 4:12 PM CVSS metrics ("CVSSv3 score" changed from 10.0 to 9.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (changed from "CVE-2022-3643" to "CVE-2022-4232") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309121612
Version 1.0 Dec 24, 2022, 1:47 PM New Plugin Feed: 202212241347