The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3349 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3349-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     March 02, 2023                                https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-5.10     Version        : 5.10.162-1~deb10u1     CVE ID         : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696                      CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929                      CVE-2023-0179 CVE-2023-0240 CVE-2023-0266 CVE-2023-0394                      CVE-2023-23454  CVE-2023-23455 CVE-2023-23586     Debian Bug     : 825141 1008501 1027430 1027483

    Several vulnerabilities have been discovered in the Linux kernel that     may lead to a privilege escalation, denial of service or information     leaks.

    CVE-2022-2873

        Zheyu Ma discovered that an out-of-bounds memory access flaw in         the Intel iSMT SMBus 2.0 host controller driver may result in         denial of service (system crash).

    CVE-2022-3545

        It was discovered that the Netronome Flow Processor (NFP) driver         contained a use-after-free flaw in area_cache_get(), which may         result in denial of service or the execution of arbitrary code.

    CVE-2022-3623

        A race condition when looking up a CONT-PTE/PMD size hugetlb page         may result in denial of service or an information leak.

    CVE-2022-4696

        A use-after-free vulnerability was discovered in the io_uring         subsystem.

    CVE-2022-36280

        An out-of-bounds memory write vulnerability was discovered in the         vmwgfx driver, which may allow a local unprivileged user to cause         a denial of service (system crash).

    CVE-2022-41218

        Hyunwoo Kim reported a use-after-free flaw in the Media DVB core         subsystem caused by refcount races, which may allow a local user         to cause a denial of service or escalate privileges.

    CVE-2022-45934

        An integer overflow in l2cap_config_req() in the Bluetooth         subsystem was discovered, which may allow a physically proximate         attacker to cause a denial of service (system crash).

    CVE-2022-47929

        Frederick Lawler reported a NULL pointer dereference in the         traffic control subsystem allowing an unprivileged user to cause a         denial of service by setting up a specially crafted traffic         control configuration.

    CVE-2023-0179

        Davide Ornaghi discovered incorrect arithmetics when fetching VLAN         header bits in the netfilter subsystem, allowing a local user to         leak stack and heap addresses or potentially local privilege         escalation to root.

    CVE-2023-0240

        A flaw was discovered in the io_uring subsystem that could lead         to a use-after-free.  A local user could exploit this to cause         a denial of service (crash or memory corruption) or possibly for         privilege escalation.

    CVE-2023-0266

        A use-after-free flaw in the sound subsystem due to missing         locking may result in denial of service or privilege escalation.

    CVE-2023-0394

        Kyle Zeng discovered a NULL pointer dereference flaw in         rawv6_push_pending_frames() in the network subsystem allowing a         local user to cause a denial of service (system crash).

    CVE-2023-23454

        Kyle Zeng reported that the Class Based Queueing (CBQ) network         scheduler was prone to denial of service due to interpreting         classification results before checking the classification return         code.

    CVE-2023-23455

        Kyle Zeng reported that the ATM Virtual Circuits (ATM) network         scheduler was prone to a denial of service due to interpreting         classification results before checking the classification return         code.

    CVE-2023-23586

        A flaw was discovered in the io_uring subsystem that could lead to         an information leak.  A local user could exploit this to obtain         sensitive information from the kernel or other users.

    For Debian 10 buster, these problems have been fixed in version     5.10.162-1~deb10u1.

    This update also fixes Debian bugs #825141, #1008501, #1027430, and     #1027483, and includes many more bug fixes from stable updates     5.10.159-5.10.162 inclusive.

    We recommend that you upgrade your linux-5.10 packages.

    For the detailed security status of linux-5.10 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-5.10

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3349 : linux-config-5.10 - security update

high Nessus Plugin ID 172079

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jan 22, 2025, 8:38 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501222038
Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Mar 30, 2023, 10:08 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") CISA reference Plugin Feed: 202303302208
Version 1.0 Mar 3, 2023, 11:58 AM New Plugin Feed: 202303031158