The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3711 advisory.

  - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,     leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)

  - Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30     may allow an unauthenticated user to potentially enable escalation of privilege via network access.
    (CVE-2023-25775)

  - Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is     being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt     in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual     device on the other side. As this action will cause console messages to be issued on the other side quite     often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not     affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the     issue (on Arm32 a waiting writer doesn't block further readers to get the lock). (CVE-2023-34324)

  - An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in     drivers/net/ethernet/renesas/ravb_main.c. (CVE-2023-35827)

  - An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker     can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)

  - An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access     to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES     emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege     escalation). This depends on a race condition through which userspace can replace an instruction before     the #VC handler reads it. (CVE-2023-46813)

  - An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an     io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)

  - A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a     logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to     cause a use-after-free and double-free problem, which may permit remote code execution or lead to local     privilege escalation problem. (CVE-2023-5178)

  - An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-     free because of a vcc_recvmsg race condition. (CVE-2023-51780)

  - An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-     after-free because of an atalk_recvmsg race condition. (CVE-2023-51781)

  - An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-     after-free because of a rose_accept race condition. (CVE-2023-51782)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Addition and removal of rules from chain bindings within the same     transaction causes leads to use-after-free. We recommend upgrading past commit     f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)

  - A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf)     component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an     event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory     locations outside of the allocated buffer. We recommend upgrading past commit     32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)

  - An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue     may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that     results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
    (CVE-2023-6121)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set     walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-     after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. (CVE-2023-6817)

  - A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be     exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap     out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit     382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)

  - A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve     local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on     a RCU read locked object which is freed by another thread. We recommend upgrading past commit     e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3711 : linux-config-5.10 - security update

critical Nessus Plugin ID 189090

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Jun 19, 2024, 9:24 AM CVSSv3 score source (changed from "CVE-2023-5178" to "CVE-2023-25775") Plugin Feed: 202406190924
Version 1.1 Mar 27, 2024, 7:16 PM Detection (Debian kernel vulns will now be evaluated against the running kernel version instead of the highest installed version) Plugin Feed: 202403271916
Version 1.0 Jan 17, 2024, 12:13 AM New Plugin Feed: 202401170013