Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:13614125623111220233623
HistoryOct 20, 2023 - 12:00 a.m.

Debian: Security Advisory (DLA-3623-1)

2023-10-2000:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
debian
security advisory
linux-5.10
cve-2022-4269
cve-2022-39189
cve-2023-1206
cve-2023-1380
cve-2023-2002

7.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.1.2.2023.3623");
  script_cve_id("CVE-2022-39189", "CVE-2022-4269", "CVE-2023-1206", "CVE-2023-1380", "CVE-2023-2002", "CVE-2023-2007", "CVE-2023-20588", "CVE-2023-2124", "CVE-2023-21255", "CVE-2023-21400", "CVE-2023-2269", "CVE-2023-2898", "CVE-2023-3090", "CVE-2023-31084", "CVE-2023-3111", "CVE-2023-3141", "CVE-2023-3212", "CVE-2023-3268", "CVE-2023-3338", "CVE-2023-3389", "CVE-2023-34256", "CVE-2023-34319", "CVE-2023-35788", "CVE-2023-35823", "CVE-2023-35824", "CVE-2023-3609", "CVE-2023-3611", "CVE-2023-3772", "CVE-2023-3773", "CVE-2023-3776", "CVE-2023-3863", "CVE-2023-4004", "CVE-2023-40283", "CVE-2023-4128", "CVE-2023-4132", "CVE-2023-4147", "CVE-2023-4194", "CVE-2023-4244", "CVE-2023-4273", "CVE-2023-42753", "CVE-2023-42755", "CVE-2023-42756", "CVE-2023-4622", "CVE-2023-4623", "CVE-2023-4921");
  script_tag(name:"creation_date", value:"2023-10-20 04:28:57 +0000 (Fri, 20 Oct 2023)");
  script_version("2024-02-02T05:06:10+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-14 19:38:11 +0000 (Thu, 14 Sep 2023)");

  script_name("Debian: Security Advisory (DLA-3623-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB10");

  script_xref(name:"Advisory-ID", value:"DLA-3623-1");
  script_xref(name:"URL", value:"https://www.debian.org/lts/security/2023/DLA-3623-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/linux-5.10");
  script_xref(name:"URL", value:"https://wiki.debian.org/LTS");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'linux-5.10' package(s) announced via the DLA-3623-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2022-4269

William Zhao discovered that a flaw in the Traffic Control (TC) subsystem when using a specific networking configuration (redirecting egress packets to ingress using TC action mirred), may allow a local unprivileged user to cause a denial of service (triggering a CPU soft lockup).

CVE-2022-39189

Jann Horn discovered that TLB flush operations are mishandled in the KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which may allow an unprivileged guest user to compromise the guest kernel.

CVE-2023-1206

It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization).

CVE-2023-1380

Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver. On systems using this driver, a local user could exploit this to read sensitive information or to cause a denial of service.

CVE-2023-2002

Ruiahn Li reported an incorrect permissions check in the Bluetooth subsystem. A local user could exploit this to reconfigure local Bluetooth interfaces, resulting in information leaks, spoofing, or denial of service (loss of connection).

CVE-2023-2007

Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-use flaw in the dpt_i2o SCSI controller driver. A local user with access to a SCSI device using this driver could exploit this for privilege escalation.

This flaw has been mitigated by removing support for the I2OUSRCMD operation.

CVE-2023-2124

Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing metadata validation may result in denial of service or potential privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2269

Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service.

CVE-2023-2898

It was discovered that missing sanitising in the f2fs file system may result in denial of service if a malformed file system is accessed.

CVE-2023-3090

It was discovered that missing initialization in ipvlan networking may lead to an out-of-bounds write vulnerability, resulting in denial of service or potentially the execution of arbitrary code.

CVE-2023-3111

The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. It's unclear whether an unprivileged user can exploit this.

CVE-2023-3141

A flaw was discovered in the r592 memstick driver that could lead to a use-after-free after the driver is removed or unbound from a device. The security impact of this is unclear.

CVE-2023-3212

Yang Lan discovered that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'linux-5.10' package(s) on Debian 10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB10") {

  if(!isnull(res = isdpkgvuln(pkg:"linux-config-5.10", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-doc-5.10", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10-armmp-lpae", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10-rt-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-686", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-686-pae", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-amd64", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-arm64", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-armmp-lpae", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-cloud-amd64", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-cloud-arm64", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-common", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-common-rt", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-rt-686-pae", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-rt-amd64", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-rt-arm64", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-5.10.0-0.deb10.26-rt-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-686-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-686-pae-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-amd64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-amd64-signed-template", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-arm64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-arm64-signed-template", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-armmp-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-armmp-lpae", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-armmp-lpae-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-cloud-amd64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-cloud-arm64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-i386-signed-template", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-rt-686-pae-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-rt-amd64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-rt-arm64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-rt-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10-rt-armmp-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-686-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-686-pae-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-686-pae-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-686-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-amd64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-amd64-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-arm64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-arm64-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-armmp-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-armmp-lpae", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-armmp-lpae-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-cloud-amd64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-cloud-amd64-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-cloud-arm64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-cloud-arm64-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-686-pae-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-686-pae-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-amd64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-amd64-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-arm64-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-arm64-unsigned", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-armmp", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-5.10.0-0.deb10.26-rt-armmp-dbg", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-kbuild-5.10", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-perf-5.10", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-source-5.10", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-support-5.10.0-0.deb10.26", ver:"5.10.197-1~deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

debian 5
osv 31
nessus 66
openvas 55
ubuntu 27
mageia 2
virtuozzo 2
oraclelinux 2
photon 2
amazon 3
redhat 4
debian
debian
[SECURITY] [DLA 3623-1] linux-5.10 security update
2023-10-19 21:24:31
[SECURITY] [DSA 5480-1] linux security update
2023-08-18 19:01:58
[SECURITY] [DLA 3508-1] linux security update
2023-07-27 19:06:27
osv
osv
linux-5.10 - security update
2023-10-19 00:00:00
linux - security update
2023-08-18 00:00:00
linux - security update
2023-07-27 00:00:00
nessus
nessus
Debian DLA-3623-1 : linux-5.10 - LTS security update
2023-10-20 00:00:00
Debian DSA-5480-1 : linux - security update
2023-08-22 00:00:00
Debian DLA-3508-1 : linux - LTS security update
2023-07-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5480-1)
2023-08-21 00:00:00
Debian: Security Advisory (DLA-3508-1)
2023-07-31 00:00:00
Ubuntu: Security Advisory (USN-6442-1)
2023-10-20 00:00:00
ubuntu
ubuntu
Linux kernel (BlueField) vulnerabilities
2023-10-19 00:00:00
Linux kernel (OEM) vulnerabilities
2023-07-14 00:00:00
Linux kernel vulnerabilities
2023-10-30 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2023-06-19 19:29:01
Updated kernel packages fix security vulnerabilities
2023-06-19 19:29:01
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 159.0 for Virtuozzo Hybrid Server 7.5
2023-08-21 00:00:00
[Important] [Security] Virtuozzo ReadyKernel Patch 162.0 for Virtuozzo Hybrid Server 7.5
2023-10-12 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2023-09-21 00:00:00
Unbreakable Enterprise kernel security update
2023-07-31 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0656
2023-09-27 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0474
2023-09-17 00:00:00
amazon
amazon
Important: kernel
2023-09-27 22:48:00
Important: kernel
2023-09-27 22:15:00
Important: kernel
2023-08-03 18:09:00
redhat
redhat
(RHSA-2023:7411) Important: kpatch-patch security update
2023-11-21 12:19:45
(RHSA-2023:4817) Important: kernel-rt security and bug fix update
2023-08-29 07:34:23
(RHSA-2023:4815) Important: kernel security and bug fix update
2023-08-29 07:34:17

7.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON
Related for OPENVAS:13614125623111220233623
debian5osv31nessus66openvas55ubuntu27mageia2virtuozzo2oraclelinux2photon2amazon3redhat4