Debian dla-3711 : linux-config-5.10 - security update

critical Nessus Plugin ID 189090

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3711 advisory.

- In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)

- Improper access control in the Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. (CVE-2023-25775)

- Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers from getting the lock). (CVE-2023-34324)

- An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. (CVE-2023-35827)

- An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)

- An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. (CVE-2023-46813)

- An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)

- A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. (CVE-2023-5178)

- An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. (CVE-2023-51780)

- An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. (CVE-2023-51781)

- An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. (CVE-2023-51782)

- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)

- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)

- An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). (CVE-2023-6121)

- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. (CVE-2023-6817)

- A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)

- A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read-locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the linux-config-5.10 packages.

See Also

https://security-tracker.debian.org/tracker/source-package/linux-5.10

https://security-tracker.debian.org/tracker/CVE-2021-44879

https://security-tracker.debian.org/tracker/CVE-2023-25775

https://security-tracker.debian.org/tracker/CVE-2023-34324

https://security-tracker.debian.org/tracker/CVE-2023-35827

https://security-tracker.debian.org/tracker/CVE-2023-45863

https://security-tracker.debian.org/tracker/CVE-2023-46813

https://security-tracker.debian.org/tracker/CVE-2023-46862

https://security-tracker.debian.org/tracker/CVE-2023-5178

https://security-tracker.debian.org/tracker/CVE-2023-51780

https://security-tracker.debian.org/tracker/CVE-2023-51781

https://security-tracker.debian.org/tracker/CVE-2023-51782

https://security-tracker.debian.org/tracker/CVE-2023-5197

https://security-tracker.debian.org/tracker/CVE-2023-5717

https://security-tracker.debian.org/tracker/CVE-2023-6121

https://security-tracker.debian.org/tracker/CVE-2023-6531

https://security-tracker.debian.org/tracker/CVE-2023-6817

https://security-tracker.debian.org/tracker/CVE-2023-6931

https://security-tracker.debian.org/tracker/CVE-2023-6932

https://packages.debian.org/source/buster/linux-5.10

Plugin Details

Severity: Critical

ID: 189090

File Name: debian_DLA-3711.nasl

Version: 1.2

Type: local

Agent: unix

Published: 1/16/2024

Updated: 6/19/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-44879

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-25775

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-armmp, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686, p-cpe:/a:debian:debian_linux:linux-perf-5.10, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-arm64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-common-rt, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-cloud-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.27, 
p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp, p-cpe:/a:debian:debian_linux:linux-kbuild-5.10, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-arm64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-common, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686, p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.24, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-common, p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-arm64, 
p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-common-rt, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-686, p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-arm64, p-cpe:/a:debian:debian_linux:linux-config-5.10, p-cpe:/a:debian:debian_linux:linux-image-5.10-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-source-5.10, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-686, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-amd64, 
p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-common-rt, p-cpe:/a:debian:debian_linux:linux-doc-5.10, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-armmp, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.26, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-cloud-arm64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-signed-template, 
p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-686, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-cloud-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686-pae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-amd64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-common, p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-arm64, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-arm64, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-dbg

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/11/2024

Vulnerability Publication Date: 2/14/2022

Reference Information

CVE: CVE-2021-44879, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-5178, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932