Debian dla-3710 : hyperv-daemons - security update

critical Nessus Plugin ID 189094

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3710 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3710-1
https://www.debian.org/lts/security/
Ben Hutchings
January 10, 2024
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : linux
Version : 4.19.304-1
CVE ID : CVE-2021-44879 CVE-2023-0590 CVE-2023-1077 CVE-2023-1206 CVE-2023-1989 CVE-2023-3212 CVE-2023-3390 CVE-2023-3609 CVE-2023-3611 CVE-2023-3772 CVE-2023-3776 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 CVE-2023-4244 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 CVE-2023-5717 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 CVE-2023-25775 CVE-2023-34319 CVE-2023-34324 CVE-2023-35001 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-40283 CVE-2023-42753 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-45871 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2021-44879

Wenqing Liu reported a NULL pointer dereference in the f2fs implementation. An attacker able to mount a specially crafted image can take advantage of this flaw for denial of service.

CVE-2023-0590

Dmitry Vyukov discovered a race condition in the network scheduler core that can lead to a use-after-free. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2023-1077

Pietro Borrello reported a type confusion flaw in the task scheduler. A local user might be able to exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2023-1206

It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization).

CVE-2023-1989

Zheng Wang reported a race condition in the btsdio Bluetooth adapter driver that can lead to a use-after-free. An attacker able to insert and remove SDIO devices can use this to cause a denial of service (crash or memory corruption) or possibly to run arbitrary code in the kernel.

CVE-2023-3212

Yang Lan discovered that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer dereference when mounting a malformed GFS2 filesystem.

CVE-2023-3390

A use-after-free flaw in the netfilter subsystem caused by incorrect error path handling may result in denial of service or privilege escalation.

CVE-2023-3609, CVE-2023-3776, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208

It was discovered that a use-after-free in the cls_fw, cls_u32 and cls_route network classifiers may result in denial of service or potential local privilege escalation.

CVE-2023-3611

It was discovered that an out-of-bounds write in the traffic control subsystem for the Quick Fair Queueing scheduler (QFQ) may result in denial of service or privilege escalation.

CVE-2023-3772

Lin Ma discovered a NULL pointer dereference flaw in the XFRM subsystem which may result in denial of service.

CVE-2023-4244

A race condition was found in the nftables subsystem that could lead to a use-after-free. A local user could exploit this to cause a denial of service (crash), information leak, or possibly for privilege escalation.

CVE-2023-4622

Bing-Jhong Billy Jheng discovered a use-after-free within the Unix domain sockets component, which may result in local privilege escalation.

CVE-2023-4623

Budimir Markovic reported a missing configuration check in the sch_hfsc network scheduler that could lead to a use-after-free or other problems. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2023-4921

valis reported flaws in the sch_qfq network scheduler that could lead to a use-after-free. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.

CVE-2023-5717

Budimir Markovic reported a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system caused by improper handling of event groups, which may result in denial of service or privilege escalation. The default settings in Debian prevent exploitation unless more permissive settings have been applied in the kernel.perf_event_paranoid sysctl.

CVE-2023-6606

j51569436 reported a potential out-of-bounds read in the CIFS filesystem implementation. If a CIFS filesystem is mounted from a malicious server, the server could possibly exploit this to cause a denial of service (crash).

CVE-2023-6931

Budimir Markovic reported a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system which may result in denial of service or privilege escalation. The default settings in Debian prevent exploitation unless more permissive settings have been applied in the kernel.perf_event_paranoid sysctl.

CVE-2023-6932

A use-after-free vulnerability in the IPv4 IGMP implementation may result in denial of service or privilege escalation.

CVE-2023-25775

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail and Shiraz Saleem discovered that improper access control in the Intel Ethernet Controller RDMA driver may result in privilege escalation.

CVE-2023-34319

Ross Lagerwall discovered a buffer overrun in Xen's netback driver which may allow a Xen guest to cause denial of service to the virtualisation host by sending malformed packets.

CVE-2023-34324

Marek Marczykowski-Gorecki reported a possible deadlock in the Xen guest event channel code which may allow a malicious guest administrator to cause a denial of service.

CVE-2023-35001

Tanguy DUBROCA discovered an out-of-bounds read and write flaw in the Netfilter nf_tables implementation when processing an nft_byteorder expression, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-39189, CVE-2023-39192, CVE-2023-39193

Lucas Leong of Trend Micro Zero Day Initiative reported missing bounds checks in the nfnetlink_osf, xt_u32, and xt_sctp netfilter modules. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit these to leak sensitive information from the kernel or for denial of service (crash).

CVE-2023-39194

Lucas Leong of Trend Micro Zero Day Initiative reported a missing bounds check in the xfrm (IPsec) subsystem. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit this to leak sensitive information from the kernel or for denial of service (crash).

CVE-2023-40283

A use-after-free was discovered in Bluetooth L2CAP socket handling.

CVE-2023-42753

Kyle Zeng discovered an off-by-one error in the netfilter ipset subsystem which could lead to out-of-bounds memory access. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit this to cause a denial of service (memory corruption or crash) and possibly for privilege escalation.

CVE-2023-42754

Kyle Zeng discovered a flaw in the IPv4 implementation which could lead to a NULL pointer dereference. A local user could exploit this for denial of service (crash).

CVE-2023-42755

Kyle Zeng discovered missing configuration validation in the cls_rsvp network classifier which could lead to out-of-bounds reads. A local user with the CAP_NET_ADMIN capability in any user or network namespace could exploit this to cause a denial of service (crash) or to leak sensitive information.

This flaw has been mitigated by removing the cls_rsvp classifier.

CVE-2023-45863

A race condition in library routines for handling generic kernel objects may result in an out-of-bounds write in the fill_kobj_path() function.

CVE-2023-45871

Manfred Rudigier reported a flaw in the igb network driver for Intel Gigabit Ethernet interfaces. When the rx-all feature was enabled on such a network interface, an attacker on the same network segment could send packets that would overflow a receive buffer, leading to a denial of service (crash or memory corruption) or possibly remote code execution.

CVE-2023-51780

It was discovered that a race condition in the ATM (Asynchronous Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

It was discovered that a race condition in the Appletalk subsystem may lead to a use-after-free.

CVE-2023-51782

It was discovered that a race condition in the Amateur Radio X.25 PLP (Rose) support may lead to a use-after-free. This module is not auto-loaded on Debian systems, so this issue only affects systems where it is explicitly loaded.

For Debian 10 buster, these problems have been fixed in version 4.19.304-1. This update additionally includes many more bug fixes from stable updates 4.19.290-4.19.304 inclusive.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the hyperv-daemons packages.

See Also

https://security-tracker.debian.org/tracker/source-package/linux

https://security-tracker.debian.org/tracker/CVE-2021-44879

https://security-tracker.debian.org/tracker/CVE-2023-0590

https://security-tracker.debian.org/tracker/CVE-2023-1077

https://security-tracker.debian.org/tracker/CVE-2023-1206

https://security-tracker.debian.org/tracker/CVE-2023-1989

https://security-tracker.debian.org/tracker/CVE-2023-25775

https://security-tracker.debian.org/tracker/CVE-2023-3212

https://security-tracker.debian.org/tracker/CVE-2023-3390

https://security-tracker.debian.org/tracker/CVE-2023-34319

https://security-tracker.debian.org/tracker/CVE-2023-34324

https://security-tracker.debian.org/tracker/CVE-2023-35001

https://security-tracker.debian.org/tracker/CVE-2023-3609

https://security-tracker.debian.org/tracker/CVE-2023-3611

https://security-tracker.debian.org/tracker/CVE-2023-3772

https://security-tracker.debian.org/tracker/CVE-2023-3776

https://security-tracker.debian.org/tracker/CVE-2023-39189

https://security-tracker.debian.org/tracker/CVE-2023-39192

https://security-tracker.debian.org/tracker/CVE-2023-39193

https://security-tracker.debian.org/tracker/CVE-2023-39194

https://security-tracker.debian.org/tracker/CVE-2023-40283

https://security-tracker.debian.org/tracker/CVE-2023-4206

https://security-tracker.debian.org/tracker/CVE-2023-4207

https://security-tracker.debian.org/tracker/CVE-2023-4208

https://security-tracker.debian.org/tracker/CVE-2023-4244

https://security-tracker.debian.org/tracker/CVE-2023-42753

https://security-tracker.debian.org/tracker/CVE-2023-42754

https://security-tracker.debian.org/tracker/CVE-2023-42755

https://security-tracker.debian.org/tracker/CVE-2023-45863

https://security-tracker.debian.org/tracker/CVE-2023-45871

https://security-tracker.debian.org/tracker/CVE-2023-4622

https://security-tracker.debian.org/tracker/CVE-2023-4623

https://security-tracker.debian.org/tracker/CVE-2023-4921

https://security-tracker.debian.org/tracker/CVE-2023-51780

https://security-tracker.debian.org/tracker/CVE-2023-51781

https://security-tracker.debian.org/tracker/CVE-2023-51782

https://security-tracker.debian.org/tracker/CVE-2023-5717

https://security-tracker.debian.org/tracker/CVE-2023-6606

https://security-tracker.debian.org/tracker/CVE-2023-6931

https://security-tracker.debian.org/tracker/CVE-2023-6932

https://packages.debian.org/source/buster/linux

Plugin Details

Severity: Critical

ID: 189094

File Name: debian_DLA-3710.nasl

Version: 1.2

Type: local

Agent: unix

Published: 1/16/2024

Updated: 1/22/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-44879

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-25775

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.5

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2023-3776

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-common-rt, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-686-pae, p-cpe:/a:debian:debian_linux:libcpupower1, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-common, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-cloud-amd64-dbg, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-kbuild-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-686-dbg, p-cpe:/a:debian:debian_linux:linux-source-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-amd64, p-cpe:/a:debian:debian_linux:libcpupower-dev, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:libbpf4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-686, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-i386, p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:libbpf-dev, p-cpe:/a:debian:debian_linux:linux-cpupower, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all, 
p-cpe:/a:debian:debian_linux:linux-perf-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86, p-cpe:/a:debian:debian_linux:linux-support-4.19.0-26, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-armhf, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-dbg, p-cpe:/a:debian:debian_linux:usbip, p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-doc-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-amd64-dbg, p-cpe:/a:debian:debian_linux:hyperv-daemons, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-config-4.19

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/10/2024

Vulnerability Publication Date: 2/14/2022

Reference Information

CVE: CVE-2021-44879, CVE-2023-0590, CVE-2023-1077, CVE-2023-1206, CVE-2023-1989, CVE-2023-25775, CVE-2023-3212, CVE-2023-3390, CVE-2023-34319, CVE-2023-34324, CVE-2023-35001, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-3776, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4244, CVE-2023-42753, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-45871, CVE-2023-4622, CVE-2023-4623, CVE-2023-4921, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-5717, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932