The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5461 advisory.

  - An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to     potentially access sensitive information. (CVE-2023-20593)

  - A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in     net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a     dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local     attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit     1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5461-1 : linux - security update

high Nessus Plugin ID 179043

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.1 Aug 1, 2023, 3:18 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2023-3390" to "CVE-2023-3610") CVSSv3 score source (set to "CVE-2023-3610") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202308011518
Version 1.0 Jul 31, 2023, 4:02 PM New Plugin Feed: 202307311602