Debian dla-3840 : hyperv-daemons - security update

high Nessus Plugin ID 201099

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3840 advisory.

------------------------------------------------------------------------- Debian LTS Advisory DLA-3840-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings June 25, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : linux Version : 4.19.316-1 CVE ID : CVE-2021-33630 CVE-2022-48627 CVE-2023-0386 CVE-2023-6040 CVE-2023-6270 CVE-2023-7042 CVE-2023-46838 CVE-2023-47233 CVE-2023-52340 CVE-2023-52429 CVE-2023-52436 CVE-2023-52439 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52449 CVE-2023-52464 CVE-2023-52469 CVE-2023-52470 CVE-2023-52486 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52609 CVE-2023-52612 CVE-2023-52615 CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623 CVE-2023-52628 CVE-2023-52644 CVE-2023-52650 CVE-2023-52670 CVE-2023-52679 CVE-2023-52683 CVE-2023-52691 CVE-2023-52693 CVE-2023-52698 CVE-2023-52699 CVE-2023-52880 CVE-2024-0340 CVE-2024-0607 CVE-2024-1086 CVE-2024-22099 CVE-2024-23849 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861 CVE-2024-25739 CVE-2024-26597 CVE-2024-26600 CVE-2024-26602 CVE-2024-26606 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26642 CVE-2024-26645 CVE-2024-26651 CVE-2024-26663 CVE-2024-26664 CVE-2024-26671 CVE-2024-26675 CVE-2024-26679 CVE-2024-26685 CVE-2024-26696 CVE-2024-26697 CVE-2024-26704 CVE-2024-26720 CVE-2024-26722 CVE-2024-26735 CVE-2024-26744 CVE-2024-26752 CVE-2024-26754 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26772 CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26791 CVE-2024-26793 CVE-2024-26801 CVE-2024-26805 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26839 CVE-2024-26840 CVE-2024-26845 CVE-2024-26851 CVE-2024-26852 CVE-2024-26857 CVE-2024-26859 CVE-2024-26863 CVE-2024-26874 CVE-2024-26875 CVE-2024-26878 CVE-2024-26880 CVE-2024-26883 CVE-2024-26884 CVE-2024-26889 CVE-2024-26894 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26922 CVE-2024-26923 CVE-2024-26931 CVE-2024-26934 CVE-2024-26955 CVE-2024-26956 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976 CVE-2024-26981 CVE-2024-26984 CVE-2024-26993 CVE-2024-26994 CVE-2024-26997 CVE-2024-27001 CVE-2024-27008 CVE-2024-27013 CVE-2024-27020 CVE-2024-27024 CVE-2024-27028 CVE-2024-27043 CVE-2024-27046 CVE-2024-27059 CVE-2024-27074 CVE-2024-27075 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27419 CVE-2024-27436 CVE-2024-31076 CVE-2024-33621 CVE-2024-35789 CVE-2024-35806 CVE-2024-35807 CVE-2024-35809 CVE-2024-35811 CVE-2024-35815 CVE-2024-35819 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35830 CVE-2024-35835 CVE-2024-35847 CVE-2024-35849 CVE-2024-35877 CVE-2024-35886 CVE-2024-35888 CVE-2024-35893 CVE-2024-35898 CVE-2024-35902 CVE-2024-35910 CVE-2024-35915 CVE-2024-35922 CVE-2024-35925 CVE-2024-35930 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35944 CVE-2024-35947 CVE-2024-35955 CVE-2024-35960 CVE-2024-35969 CVE-2024-35973 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35997 CVE-2024-36004 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36017 CVE-2024-36020 CVE-2024-36286 CVE-2024-36288 CVE-2024-36883 CVE-2024-36886 CVE-2024-36902 CVE-2024-36904 CVE-2024-36905 CVE-2024-36919 CVE-2024-36933 CVE-2024-36934 CVE-2024-36940 CVE-2024-36941 CVE-2024-36946 CVE-2024-36950 CVE-2024-36954 CVE-2024-36959 CVE-2024-36960 CVE-2024-36964 CVE-2024-36971 CVE-2024-37353 CVE-2024-37356 CVE-2024-38381 CVE-2024-38549 CVE-2024-38552 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38565 CVE-2024-38567 CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583 CVE-2024-38587 CVE-2024-38589 CVE-2024-38596 CVE-2024-38598 CVE-2024-38599 CVE-2024-38601 CVE-2024-38612 CVE-2024-38618 CVE-2024-38621 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634 CVE-2024-38637 CVE-2024-38659 CVE-2024-38780 CVE-2024-39292

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

For Debian 10 buster, these problems have been fixed in version 4.19.316-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment:
signature.asc Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the hyperv-daemons packages.

Plugin Details

Severity: High

ID: 201099

File Name: debian_DLA-3840.nasl

Version: 1.7

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 6/27/2024

Updated: 9/27/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-38627

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-common-rt, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-686-pae, p-cpe:/a:debian:debian_linux:libcpupower1, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-common, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-cloud-amd64-dbg, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-kbuild-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-686-dbg, p-cpe:/a:debian:debian_linux:linux-source-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-amd64, p-cpe:/a:debian:debian_linux:libcpupower-dev, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:libbpf4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-686, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-i386, p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:libbpf-dev, p-cpe:/a:debian:debian_linux:linux-cpupower, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all, p-cpe:/a:debian:debian_linux:linux-perf-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86, p-cpe:/a:debian:debian_linux:linux-support-4.19.0-26, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-armhf, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-armmp-dbg, p-cpe:/a:debian:debian_linux:usbip, p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-doc-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-amd64-dbg, p-cpe:/a:debian:debian_linux:hyperv-daemons, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-26-all-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-26-rt-armmp, p-cpe:/a:debian:debian_linux:linux-config-4.19

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/25/2024

Vulnerability Publication Date: 4/28/2020

CISA Known Exploited Vulnerability Due Dates: 6/20/2024, 8/28/2024

Exploitable With

Core Impact

Metasploit (Local Privilege Escalation via CVE-2023-0386)

Reference Information

CVE: CVE-2021-33630, CVE-2022-48627, CVE-2023-0386, CVE-2023-46838, CVE-2023-47233, CVE-2023-52340, CVE-2023-52429, CVE-2023-52436, CVE-2023-52439, CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52464, CVE-2023-52469, CVE-2023-52470, CVE-2023-52486, CVE-2023-52583, CVE-2023-52587, CVE-2023-52594, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52609, CVE-2023-52612, CVE-2023-52615, CVE-2023-52619, CVE-2023-52620, CVE-2023-52622, CVE-2023-52623, CVE-2023-52628, CVE-2023-52644, CVE-2023-52650, CVE-2023-52670, CVE-2023-52679, CVE-2023-52683, CVE-2023-52691, CVE-2023-52693, CVE-2023-52698, CVE-2023-52699, CVE-2023-52880, CVE-2023-6040, CVE-2023-6270, CVE-2023-7042, CVE-2024-0340, CVE-2024-0607, CVE-2024-1086, CVE-2024-22099, CVE-2024-23849, CVE-2024-23851, CVE-2024-24857, CVE-2024-24858, CVE-2024-24861, CVE-2024-25739, CVE-2024-26597, CVE-2024-26600, CVE-2024-26602, CVE-2024-26606, CVE-2024-26615, CVE-2024-26625, CVE-2024-26633, CVE-2024-26635, CVE-2024-26636, CVE-2024-26642, CVE-2024-26645, CVE-2024-26651, CVE-2024-26663, CVE-2024-26664, CVE-2024-26671, CVE-2024-26675, CVE-2024-26679, CVE-2024-26685, CVE-2024-26696, CVE-2024-26697, CVE-2024-26704, CVE-2024-26720, CVE-2024-26722, CVE-2024-26735, CVE-2024-26744, CVE-2024-26752, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26791, CVE-2024-26793, CVE-2024-26801, CVE-2024-26805, CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26825, CVE-2024-26839, CVE-2024-26840, CVE-2024-26845, CVE-2024-26851, CVE-2024-26852, CVE-2024-26857, CVE-2024-26859, CVE-2024-26863, CVE-2024-26874, CVE-2024-26875, CVE-2024-26878, CVE-2024-26880, CVE-2024-26883, CVE-2024-26884, CVE-2024-26889, CVE-2024-26894, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26917, CVE-2024-26922, CVE-2024-26923, CVE-2024-26931, CVE-2024-26934, CVE-2024-26955, CVE-2024-26956, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969, CVE-2024-26973, CVE-2024-26974, CVE-2024-26976, CVE-2024-26981, CVE-2024-26984, CVE-2024-26993, CVE-2024-26994, CVE-2024-26997, CVE-2024-27001, CVE-2024-27008, CVE-2024-27013, CVE-2024-27020, CVE-2024-27024, CVE-2024-27028, CVE-2024-27043, CVE-2024-27046, CVE-2024-27059, CVE-2024-27074, CVE-2024-27075, CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27395, CVE-2024-27396, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-27405, CVE-2024-27410, CVE-2024-27412, CVE-2024-27413, CVE-2024-27416, CVE-2024-27419, CVE-2024-27436, CVE-2024-31076, CVE-2024-33621, CVE-2024-35789, CVE-2024-35806, CVE-2024-35807, CVE-2024-35809, CVE-2024-35811, CVE-2024-35815, CVE-2024-35819, CVE-2024-35821, CVE-2024-35822, CVE-2024-35823, CVE-2024-35825, CVE-2024-35828, CVE-2024-35830, CVE-2024-35835, CVE-2024-35847, CVE-2024-35849, CVE-2024-35877, CVE-2024-35886, CVE-2024-35888, CVE-2024-35893, CVE-2024-35898, CVE-2024-35902, CVE-2024-35910, CVE-2024-35915, CVE-2024-35922, CVE-2024-35925, CVE-2024-35930, CVE-2024-35933, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35947, CVE-2024-35955, CVE-2024-35960, CVE-2024-35969, CVE-2024-35973, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35997, CVE-2024-36004, CVE-2024-36014, CVE-2024-36015, CVE-2024-36016, CVE-2024-36017, CVE-2024-36020, CVE-2024-36286, CVE-2024-36288, CVE-2024-36883, CVE-2024-36886, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36919, CVE-2024-36933, CVE-2024-36934, CVE-2024-36940, CVE-2024-36941, CVE-2024-36946, CVE-2024-36950, CVE-2024-36954, CVE-2024-36959, CVE-2024-36960, CVE-2024-36964, CVE-2024-36971, CVE-2024-37353, CVE-2024-37356, CVE-2024-38381, CVE-2024-38549, CVE-2024-38552, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38589, CVE-2024-38596, CVE-2024-38598, CVE-2024-38599, CVE-2024-38601, CVE-2024-38612, CVE-2024-38618, CVE-2024-38621, CVE-2024-38627, CVE-2024-38633, CVE-2024-38634, CVE-2024-38637, CVE-2024-38659, CVE-2024-38780, CVE-2024-39292

Detections

Analytics