The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5448 advisory.

  - An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores     an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or     potentially escalate their privileges on the system. (CVE-2023-2124)

  - A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol.
    This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion     failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the     system. (CVE-2023-2156)

  - A denial of service problem was found, due to a possible recursive locking scenario, resulting in a     deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-     component. (CVE-2023-2269)

  - A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to     achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in     the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend     upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)

  - An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a     blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is     called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event,     down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and     down(&fepriv->sem) may block the process. (CVE-2023-31084)

  - A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on     corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it     has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
    (CVE-2023-3212)

  - An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in     kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel     internal information. (CVE-2023-3268)

  - A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in     net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a     dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local     attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit     1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)

  - An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7.
    It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets.
    This may result in denial of service or privilege escalation. (CVE-2023-35788)

  - distros-[DirtyVMA] Privilege escalation via non-RCU-protected VMA traversal [fedora-all] (CVE-2023-3269)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5448-1 : linux - security update

high Nessus Plugin ID 178003

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.4 Dec 25, 2023, 2:08 PM CVSS metrics ("CVSSv2 score" set to 7.6. "CVSSv2 vector" set to "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C". "CVSSv3 score" set to 8.1. "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H") Plugin Feed: 202312251408
Version 1.3 Dec 13, 2023, 4:19 PM CVSS metrics ("CVSSv2 score" set to 10.0. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H". "CVSSv3 score" set to 9.8) Plugin Feed: 202312131619
Version 1.2 Aug 28, 2023, 2:07 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202308281407
Version 1.1 Jul 18, 2023, 2:12 PM CVSS metrics ("CVSSv2 score" changed from 6.8 to 7.6. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C" to "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C". "CVSSv3 score" changed from 7.8 to 8.1. "CVSSv3 vector" changed from "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2023-35788" to "CVE-2023-32254") CVSSv2 severity (based on CVE-2023-32254, severity increased from "Medium" to "High") CVSSv3 score source (set to "CVE-2023-32254") Plugin Feed: 202307181412
Version 1.0 Jul 6, 2023, 5:56 AM New Plugin Feed: 202307060556