The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3349 advisory.

  - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller     driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input     data. This flaw allows a local user to crash the system. (CVE-2022-2873)

  - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability     is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the     component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this     issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this     vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation     leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix     this issue. The identifier VDB-211921 was assigned to this vulnerability. (CVE-2022-3623)

  - An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in     drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-36280)

  - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused     by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)

  - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c     has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)

  - There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE     operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation     won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true     as calling io_splice on specific files will call the get_uts function which will use current->nsproxy     leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We     recommend upgrading to version 5.10.160 or above (CVE-2022-4696)

  - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows     an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control     configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in     net/sched/sch_api.c. (CVE-2022-47929)

  - There is a logic error in io_uring's implementation which can be used to trigger a use-after-free     vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the     last io_grab_identity call cannot return false is not true, and in this case the function will use the     init_cred or the previous linked requests identity to do operations instead of using the current identity.
    This can lead to reference counting issues causing use-after-free. We recommend upgrading past version     5.10.161. (CVE-2023-0240)

  - A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.
    SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result     in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit     56b88b50565cd8b946a2d00b0c83927b7ebb055e (CVE-2023-0266)

  - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network     subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)

  - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes     indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

  - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition     rather than valid classification results). (CVE-2023-23455)

  - Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the     user process. timens_install calls current_is_single_threaded to determine if the current process is     single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to     insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace     is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page     allocated by the kernel will be still available from the user-space process and can leak memory contents     via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit     788d0824269bef539fe31a785b1517882eafed93     https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring (CVE-2023-23586)

  - kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-3349-1 : linux-5.10 - LTS security update

high Nessus Plugin ID 172079

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Mar 30, 2023, 10:08 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202303302208
Version 1.0 Mar 3, 2023, 11:58 AM New Plugin Feed: 202303031158