The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5324 advisory.

  - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller     driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input     data. This flaw allows a local user to crash the system. (CVE-2022-2873)

  - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability     is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the     component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this     issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this     vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation     leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix     this issue. The identifier VDB-211921 was assigned to this vulnerability. (CVE-2022-3623)

  - An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in     drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-36280)

  - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused     by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)

  - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c     has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)

  - There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE     operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation     won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true     as calling io_splice on specific files will call the get_uts function which will use current->nsproxy     leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We     recommend upgrading to version 5.10.160 or above (CVE-2022-4696)

  - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows     an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control     configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in     net/sched/sch_api.c. (CVE-2022-47929)

  - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes     indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

  - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition     rather than valid classification results). (CVE-2023-23455)

  - Netfilter vulnerability disclosure [fedora-all] (CVE-2023-0179)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5324-1 : linux - security update

high Nessus Plugin ID 170485

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Mar 30, 2023, 10:08 PM CVSSv3 score source (changed from "CVE-2022-4696" to "CVE-2023-0266") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CISA reference Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202303302208
Version 1.0 Jan 24, 2023, 5:11 PM New Plugin Feed: 202301241711