Detections
Analytics
Debian dla-3508 : hyperv-daemons - security update
critical Nessus Plugin ID 178958
Language:
Synopsis
The remote Debian host is missing one or more security-related updates.Description
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3508 advisory.------------------------------------------------------------------------- Debian LTS Advisory DLA-3508-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings July 27, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : linux Version : 4.19.289-1 CVE ID : CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2269 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3268 CVE-2023-3338 CVE-2023-20593 CVE-2023-31084 CVE-2023-32233 CVE-2023-34256 CVE-2023-35788 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2023-1380
Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver. On systems using this driver, a local user could exploit this to read sensitive information or to cause a denial of service (crash).
CVE-2023-2002
Ruiahn Li reported an incorrect permissions check in the Bluetooth subsystem. A local user could exploit this to reconfigure local Bluetooth interfaces, resulting in information leaks, spoofing, or denial of service (loss of connection).
CVE-2023-2007
Lucas Leong (@_wmliang_) and Reno Robert of Trend Micro Zero Day Initiative discovered a time-of-check-to-time-of-use flaw in the dpt_i2o SCSI controller driver. A local user with access to a SCSI device using this driver could exploit this for privilege escalation.
This flaw has been mitigated by removing support for the I2OUSRCMD operation.
CVE-2023-2269
Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service.
CVE-2023-3090
It was discovered that missing initialization in ipvlan networking may lead to an out-of-bounds write vulnerability, resulting in denial of service or potentially the execution of arbitrary code.
CVE-2023-3111
The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. It's unclear whether an unprivileged user can exploit this.
CVE-2023-3141
A flaw was discovered in the r592 memstick driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
CVE-2023-3268
It was discovered that an out-of-bounds memory access in relayfs could result in denial of service or an information leak.
CVE-2023-3338
Ornaghi Davide discovered a flaw in the DECnet protocol implementation which could lead to a null pointer dereference or use-after-free. A local user can exploit this to cause a denial of service (crash or memory corruption) and probably for privilege escalation.
This flaw has been mitigated by removing the DECnet protocol implementation.
CVE-2023-20593
Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD Zen 2 CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.
For details please refer to <https://lock.cmpxchg8b.com/zenbleed.html> and <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.
This issue can also be mitigated by a microcode update through the amd64-microcode package or a system firmware (BIOS/UEFI) update.
However, the initial microcode release by AMD only provides updates for second generation EPYC CPUs. Various Ryzen CPUs are also affected, but no updates are available yet.
CVE-2023-31084
It was discovered that the DVB Core driver does not properly handle locking of certain events, allowing a local user to cause a denial of service.
CVE-2023-32233
Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in the Netfilter nf_tables implementation when processing batch requests, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.
CVE-2023-34256
The syzbot tool found a time-of-check-to-time-of-use flaw in the ext4 filesystem driver. An attacker able to mount a disk image or device that they can also write to directly could exploit this to cause an out-of-bounds read, possibly resulting in a leak of sensitive information or denial of service (crash).
CVE-2023-35788
Hangyu Hua discovered an out-of-bounds write vulnerability in the Flower classifier which may result in denial of service or the execution of arbitrary code.
CVE-2023-35823
A flaw was discovered in the saa7134 media driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
CVE-2023-35824
A flaw was discovered in the dm1105 media driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
CVE-2023-35828
A flaw was discovered in the renesas_udc USB device-mode driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.
This driver is not enabled in Debian's official kernel configurations.
For Debian 10 buster, these problems have been fixed in version 4.19.289-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment:
signature.asc Description: PGP signature
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the hyperv-daemons packages.See Also
https://security-tracker.debian.org/tracker/source-package/linux
https://security-tracker.debian.org/tracker/CVE-2023-1380
https://security-tracker.debian.org/tracker/CVE-2023-2002
https://security-tracker.debian.org/tracker/CVE-2023-2007
https://security-tracker.debian.org/tracker/CVE-2023-20593
https://security-tracker.debian.org/tracker/CVE-2023-2269
https://security-tracker.debian.org/tracker/CVE-2023-3090
https://security-tracker.debian.org/tracker/CVE-2023-31084
https://security-tracker.debian.org/tracker/CVE-2023-3111
https://security-tracker.debian.org/tracker/CVE-2023-3141
https://security-tracker.debian.org/tracker/CVE-2023-32233
https://security-tracker.debian.org/tracker/CVE-2023-3268
https://security-tracker.debian.org/tracker/CVE-2023-3338
https://security-tracker.debian.org/tracker/CVE-2023-34256
https://security-tracker.debian.org/tracker/CVE-2023-35788
https://security-tracker.debian.org/tracker/CVE-2023-35823
https://security-tracker.debian.org/tracker/CVE-2023-35824
Plugin Details
Severity: Critical
ID: 178958
File Name: debian_DLA-3508.nasl
Version: 1.4
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 7/28/2023
Updated: 1/22/2025
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2023-35788
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS v4
Risk Factor: Critical
Base Score: 9.3
Threat Score: 9.3
Threat Vector: CVSS:4.0/E:A
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-common-rt, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-686-pae, p-cpe:/a:debian:debian_linux:libcpupower1, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-common, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-cloud-amd64-dbg, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-kbuild-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-686-dbg, p-cpe:/a:debian:debian_linux:linux-source-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-amd64, p-cpe:/a:debian:debian_linux:libcpupower-dev, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:libbpf4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-686, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-i386, p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:libbpf-dev, p-cpe:/a:debian:debian_linux:linux-cpupower, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all, p-cpe:/a:debian:debian_linux:linux-perf-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86, p-cpe:/a:debian:debian_linux:linux-support-4.19.0-26, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-armhf, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-dbg, p-cpe:/a:debian:debian_linux:usbip, p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-doc-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-amd64-dbg, p-cpe:/a:debian:debian_linux:hyperv-daemons, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-config-4.19
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/27/2023
Vulnerability Publication Date: 3/27/2023
Exploitable With
Core Impact
Reference Information
CVE: CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-20593, CVE-2023-2269, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-32233, CVE-2023-3268, CVE-2023-3338, CVE-2023-34256, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828