The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5324 advisory.

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation,     denial of service or information leaks. CVE-2022-2873 Zheyu Ma discovered that an out-of-bounds memory     access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service (system     crash). CVE-2022-3545 It was discovered that the Netronome Flow Processor (NFP) driver contained a use-     after-free flaw in area_cache_get(), which may result in denial of service or the execution of arbitrary     code. CVE-2022-3623 A race condition when looking up a CONT-PTE/PMD size hugetlb page may result in denial     of service or an information leak. CVE-2022-4696 A use-after-free vulnerability was discovered in the     io_uring subsystem. CVE-2022-36280 An out-of-bounds memory write vulnerability was discovered in the     vmwgfx driver, which may allow a local unprivileged user to cause a denial of service (system crash).
    CVE-2022-41218 Hyunwoo Kim reported a use-after-free flaw in the Media DVB core subsystem caused by     refcount races, which may allow a local user to cause a denial of service or escalate privileges.
    CVE-2022-45934 An integer overflow in l2cap_config_req() in the Bluetooth subsystem was discovered, which     may allow a physically proximate attacker to cause a denial of service (system crash). CVE-2022-47929     Frederick Lawler reported a NULL pointer dereference in the traffic control subsystem allowing an     unprivileged user to cause a denial of service by setting up a specially crafted traffic control     configuration. CVE-2023-0179 Davide Ornaghi discovered incorrect arithmetics when fetching VLAN header     bits in the netfilter subsystem, allowing a local user to leak stack and heap addresses or potentially     local privilege escalation to root. CVE-2023-0266 A use-after-free flaw in the sound subsystem due to     missing locking may result in denial of service or privilege escalation. CVE-2023-0394 Kyle Zeng     discovered a NULL pointer dereference flaw in rawv6_push_pending_frames() in the network subsystem     allowing a local user to cause a denial of service (system crash). CVE-2023-23454 Kyle Zeng reported that     the Class Based Queueing (CBQ) network scheduler was prone to denial of service due to interpreting     classification results before checking the classification return code. CVE-2023-23455 Kyle Zeng reported     that the ATM Virtual Circuits (ATM) network scheduler was prone to a denial of service due to interpreting     classification results before checking the classification return code. For the stable distribution     (bullseye), these problems have been fixed in version 5.10.162-1. We recommend that you upgrade your linux     packages. For the detailed security status of linux please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5324-1 : linux - security update

high Nessus Plugin ID 170485

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jan 24, 2025, 9:25 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501242125
Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Mar 30, 2023, 10:08 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv3 score source (changed from "CVE-2022-4696" to "CVE-2023-0266") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202303302208
Version 1.0 Jan 24, 2023, 5:11 PM New Plugin Feed: 202301241711