Search...

PHP 5.3.6 multiple null pointer dereference

2011-08-27T00:00:00

ID SECURITYVULNS:DOC:26930
Type securityvulns
Reporter Securityvulns
Modified 2011-08-27T00:00:00

Description

[ PHP 5.3.6 multiple null pointer dereference ]

Author: Maksymilian Arciemowicz http://securityreason.com/ http://securityreason.net/ http://cxib.net/

Date: - Dis.: 20.07.2011 - Pub.: 19.08.2011

Affected Software (verified): PHP 5.3.6 and prior

Fixed: PHP 5.3.7

Original URL: http://securityreason.com/achievement_securityalert/101

--- 0.Description --- PHP is a general-purpose scripting language originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. It also has evolved to include a command-line interface capability and can be used in standalone graphical applications.

--- 1. PHP 5.3.6 multiple null pointer dereference --- Some time ago we have reported list with possible NULL pointer dereferences in php 5.3.6. If user may change size of malloc, it's possible to get NULL pointer dereferences. I haven't enought time to check security impacts for all these bugs.

To demonstrate these flaws, we may use default memory limit in OpenBSD [512MB]. We should allocate a lot of memory like 510MB (still 2MB free). If some string is longer than 2MB (example 4MB), and php try copy this string using malloc/strlen etc then malloc return NULL. Then program is counting with possible NULL pointer dereference or buffer overflow sympthons.

Example: http://cwe.mitre.org/data/definitions/690.html

where CWE-690 give CWE-476 NULL pointer dereference

good example for CWE-690 is

    tz-&gt;location.comments = malloc&#40;comments_len + 1&#41;;
    memcpy&#40;tz-&gt;location.comments, *tzf, comments_len&#41;;

This code may provide to null pointer dereference or simple crash with nulling memory with memset()

    in.str = malloc&#40;&#40;e - s&#41; + YYMAXFILL&#41;;
    memset&#40;in.str, 0, &#40;e - s&#41; + YYMAXFILL&#41;;
    memcpy&#40;in.str, s, &#40;e - s&#41;&#41;;

Program received signal SIGSEGV, Segmentation fault. 0xbba7581c in memset () from /usr/lib/libc.so.12 (gdb) x/i $eip 0xbba7581c <memset+44>: rep stos %eax,%es:(%edi) (gdb) x/x $eax 0x0: Cannot access memory at address 0x0 (gdb) x/x $edi 0x0: Cannot access memory at address 0x0

In this case, memset() overwrite the memory with 0x0 char. If attacker can put something else that 0x0, it would have security impact.

There are more interesting places, where user may try change size of malloc. See bellow

-id0-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/curl/interfacec?view=markup

820 if (!CRYPTO_get_id_callback()) { 821 int i, c = CRYPTO_num_locks(); 822 823 php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T)); 824 825 for (i = 0; i < c; ++i) { 826 php_curl_openssl_tsl[i] = tsrm_mutex_alloc(); 827 } 828 829 CRYPTO_set_id_callback(php_curl_ssl_id); 830 CRYPTO_set_locking_callback(php_curl_ssl_lock); 831 } -id0-end---------

-id1-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c?view=markup http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/parse_iso_intervals.c?view=markup multiple malloc/calloc/realloc

323 uchar buf = (uchar) malloc(((s->lim - s->bot) + BSIZE)*sizeof(uchar)); 324 memcpy(buf, s->tok, s->lim - s->tok);

496 str = calloc(1, end - begin + 1); 497 memcpy(str, begin, end - begin);

346 s->errors->warning_messages = realloc(s->errors->warning_messages, s->errors->warning_count * sizeof(timelib_error_message)); 347 s->errors->warning_messages[s->errors->warning_count - 1].position = s->tok ? s->tok - s->str : 0; 348 s->errors->warning_messages[s->errors->warning_count - 1].character = s->tok ? *s->tok : 0; 349 s->errors->warning_messages[s->errors->warning_count - 1].message = strdup(error); -id1-end---------

-id2-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/parse_tz.c?view=markup

210 tz->location.comments = malloc(comments_len + 1); 211 memcpy(tz->location.comments, tzf, comments_len); 212 tz->location.comments[comments_len] = '\0'; 213 tzf += comments_len; -id2-end---------

-id3-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/timelib.c?revision=305315&view=markup

124 tmp->trans = (int32_t ) malloc(tz->timecnt * sizeof(int32_t)); 125 tmp->trans_idx = (unsigned char) malloc(tz->timecnt * sizeof(unsigned char)); 126 memcpy(tmp->trans, tz->trans, tz->timecnt * sizeof(int32_t)); 127 memcpy(tmp->trans_idx, tz->trans_idx, tz->timecnt * sizeof(unsigned char)); 128 129 tmp->type = (ttinfo) malloc(tz->typecnt * sizeof(struct ttinfo)); 130 memcpy(tmp->type, tz->type, tz->typecnt * sizeof(struct ttinfo)); 131 132 tmp->timezone_abbr = (char) malloc(tz->charcnt); 133 memcpy(tmp->timezone_abbr, tz->timezone_abbr, tz->charcnt); 134 135 tmp->leap_times = (tlinfo*) malloc(tz->leapcnt * sizeof(tlinfo)); 136 memcpy(tmp->leap_times, tz->leap_times, tz->leapcnt * sizeof(tlinfo)); -id3-end---------

-id4-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/pdo_odbc/pdo_odbc.c?view=markup

98 char instance = INI_STR("pdo_odbc.db2_instance_name"); 99 if (instance) { 100 char env = malloc(sizeof("DB2INSTANCE=") + strlen(instance)); 101 strcpy(env, "DB2INSTANCE="); 102 strcat(env, instance); 103 putenv(env); -id4-end---------

-id5-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c?view=markup

238 class_entry->interfaces = (zend_class_entry *) realloc(class_entry->interfaces, sizeof(zend_class_entry ) * num_interfaces); 239 class_entry->interfaces[num_interfaces - 1] = interface_entry; -id5-end---------

-id6-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c?view=markup

2368 prest = malloc(sizeof(sdlRestrictionChar)); 2369 memset(prest, 0, sizeof(sdlRestrictionChar)); -id6-end---------

-id7-start--------- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/xmlrpc/libxmlrpc/base64.c?view=markup

26 b->data = malloc(sizeof(char)*(b->length)); 27 b->data[0] = 0;

38 b->data = realloc(b->data, b->length); 39 b->ptr = b->data + b->offset; -id7-end---------

-id8-start--------- http://svn.php.net/viewvc/php/php-src/trunk/TSRM/tsrm_win32.c?view=markup

532 cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2); 533 sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command); 534 if (asuser) { 535 res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); 536 CloseHandle(token_user); -id8-end---------

--- 2. PoC (realloc/malloc) --- This proof of concept was verified on NetBSD with php 5.3.7.

127# ulimit -m 100000 127# ulimit -v 100000 127# cat /www/strtotime.php <?php $strx=str_repeat("A",$argv[1]); var_dump(strtotime($strx)); ?>127# 127# /cxib/5371/build/bin/php /www/strtotime.php 33388888 Memory fault (core dumped)

127# gdb -q /cxib/5371/build/bin/php (gdb) r /www/strtotime.php 33388888 Starting program: /cxib/5371/build/bin/php /www/strtotime.php 33388888

Program received signal SIGSEGV, Segmentation fault. 0x0806e8bd in add_error (s=0xbfbfcf90, error=0x83ea7d8 "Double timezone specification") at /cxib/5371/ext/date/lib/parse_date.c:355 355 s->errors->error_messages[s->errors->error_count - 1].position = s->tok ? s->tok - s->str : 0; (gdb) print s->errors->error_messages $1 = (struct timelib_error_message *) 0x0 (gdb) print s->errors->error_count $2 = 1835009

--- 3. Fix --- Use PHP 5.3.7

--- 4. Greets --- PHP Team for fixes and discussions.

sp3x infospec

--- 5. Contact --- Author: Maksymilian Arciemowicz

Email: - cxib {a\./t] securityreason [d=t} com

GPG: - http://securityreason.com/key/Arciemowicz.Maksymilian.gpg

http://securityreason.com/ http://securityreason.net/ http://cxib.net/

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:26930", "bulletinFamily": "software", "title": "PHP 5.3.6 multiple null pointer dereference", "description": "[ PHP 5.3.6 multiple null pointer dereference ]\r\n\r\nAuthor: Maksymilian Arciemowicz\r\nhttp://securityreason.com/\r\nhttp://securityreason.net/\r\nhttp://cxib.net/\r\n\r\nDate:\r\n- Dis.: 20.07.2011\r\n- Pub.: 19.08.2011\r\n\r\nAffected Software (verified):\r\nPHP 5.3.6 and prior\r\n\r\nFixed:\r\nPHP 5.3.7\r\n\r\nOriginal URL:\r\nhttp://securityreason.com/achievement_securityalert/101\r\n\r\n\r\n--- 0.Description ---\r\nPHP is a general-purpose scripting language originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. It also has evolved to include a command-line interface capability and can be used in standalone graphical applications.\r\n\r\n\r\n--- 1. PHP 5.3.6 multiple null pointer dereference ---\r\nSome time ago we have reported list with possible NULL pointer dereferences in php 5.3.6. If user may change size of malloc, it's possible to get NULL pointer dereferences. I haven't enought time to check security impacts for all these bugs. \r\n\r\nTo demonstrate these flaws, we may use default memory limit in OpenBSD [512MB]. We should allocate a lot of memory like 510MB (still 2MB free). If some string is longer than 2MB (example 4MB), and php try copy this string using malloc/strlen etc then malloc return NULL. Then program is counting with possible NULL pointer dereference or buffer overflow sympthons.\r\n\r\nExample:\r\nhttp://cwe.mitre.org/data/definitions/690.html\r\n\r\nwhere CWE-690 give CWE-476 NULL pointer dereference\r\n\r\ngood example for CWE-690 is\r\n\r\n tz->location.comments = malloc(comments_len + 1);\r\n memcpy(tz->location.comments, *tzf, comments_len);\r\n\r\nThis code may provide to null pointer dereference or simple crash with nulling memory with memset()\r\n\r\n in.str = malloc((e - s) + YYMAXFILL);\r\n memset(in.str, 0, (e - s) + YYMAXFILL);\r\n memcpy(in.str, s, (e - s));\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0xbba7581c in memset () from /usr/lib/libc.so.12\r\n(gdb) x/i $eip\r\n0xbba7581c <memset+44>: rep stos %eax,%es:(%edi)\r\n(gdb) x/x $eax\r\n0x0: Cannot access memory at address 0x0\r\n(gdb) x/x $edi\r\n0x0: Cannot access memory at address 0x0\r\n\r\nIn this case, memset() overwrite the memory with 0x0 char. If attacker can put something else that 0x0, it would have security impact. \r\n\r\nThere are more interesting places, where user may try change size of malloc. See bellow\r\n\r\n-id0-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/curl/interfacec?view=markup\r\n\r\n820 if (!CRYPTO_get_id_callback()) {\r\n821 int i, c = CRYPTO_num_locks();\r\n822\r\n823 php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));\r\n824\r\n825 for (i = 0; i < c; ++i) {\r\n826 php_curl_openssl_tsl[i] = tsrm_mutex_alloc();\r\n827 }\r\n828\r\n829 CRYPTO_set_id_callback(php_curl_ssl_id);\r\n830 CRYPTO_set_locking_callback(php_curl_ssl_lock);\r\n831 }\r\n-id0-end---------\r\n\r\n\r\n-id1-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c?view=markup\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/parse_iso_intervals.c?view=markup\r\nmultiple malloc/calloc/realloc\r\n\r\n323 uchar *buf = (uchar*) malloc(((s->lim - s->bot) +\r\nBSIZE)*sizeof(uchar));\r\n324 memcpy(buf, s->tok, s->lim - s->tok);\r\n\r\n496 str = calloc(1, end - begin + 1);\r\n497 memcpy(str, begin, end - begin);\r\n\r\n346 s->errors->warning_messages =\r\nrealloc(s->errors->warning_messages, s->errors->warning_count *\r\nsizeof(timelib_error_message));\r\n347 s->errors->warning_messages[s->errors->warning_count -\r\n1].position = s->tok ? s->tok - s->str : 0;\r\n348 s->errors->warning_messages[s->errors->warning_count -\r\n1].character = s->tok ? *s->tok : 0;\r\n349 s->errors->warning_messages[s->errors->warning_count -\r\n1].message = strdup(error);\r\n-id1-end---------\r\n\r\n\r\n-id2-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/parse_tz.c?view=markup\r\n\r\n210 tz->location.comments = malloc(comments_len + 1);\r\n211 memcpy(tz->location.comments, *tzf, comments_len);\r\n212 tz->location.comments[comments_len] = '\0';\r\n213 *tzf += comments_len;\r\n-id2-end---------\r\n\r\n\r\n-id3-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/date/lib/timelib.c?revision=305315&view=markup\r\n\r\n124 tmp->trans = (int32_t *) malloc(tz->timecnt * sizeof(int32_t));\r\n125 tmp->trans_idx = (unsigned char*) malloc(tz->timecnt *\r\nsizeof(unsigned char));\r\n126 memcpy(tmp->trans, tz->trans, tz->timecnt * sizeof(int32_t));\r\n127 memcpy(tmp->trans_idx, tz->trans_idx, tz->timecnt *\r\nsizeof(unsigned char));\r\n128\r\n129 tmp->type = (ttinfo*) malloc(tz->typecnt * sizeof(struct ttinfo));\r\n130 memcpy(tmp->type, tz->type, tz->typecnt * sizeof(struct ttinfo));\r\n131\r\n132 tmp->timezone_abbr = (char*) malloc(tz->charcnt);\r\n133 memcpy(tmp->timezone_abbr, tz->timezone_abbr, tz->charcnt);\r\n134\r\n135 tmp->leap_times = (tlinfo*) malloc(tz->leapcnt * sizeof(tlinfo));\r\n136 memcpy(tmp->leap_times, tz->leap_times, tz->leapcnt *\r\nsizeof(tlinfo));\r\n-id3-end---------\r\n\r\n\r\n-id4-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/pdo_odbc/pdo_odbc.c?view=markup\r\n\r\n98 char *instance = INI_STR("pdo_odbc.db2_instance_name");\r\n99 if (instance) {\r\n100 char *env = malloc(sizeof("DB2INSTANCE=") +\r\nstrlen(instance));\r\n101 strcpy(env, "DB2INSTANCE=");\r\n102 strcat(env, instance);\r\n103 putenv(env);\r\n-id4-end---------\r\n\r\n\r\n-id5-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c?view=markup\r\n\r\n238 class_entry->interfaces = (zend_class_entry **)\r\nrealloc(class_entry->interfaces, sizeof(zend_class_entry *) *\r\nnum_interfaces);\r\n239 class_entry->interfaces[num_interfaces - 1] = interface_entry;\r\n-id5-end---------\r\n\r\n\r\n-id6-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c?view=markup\r\n\r\n2368 prest = malloc(sizeof(sdlRestrictionChar));\r\n2369 memset(prest, 0, sizeof(sdlRestrictionChar));\r\n-id6-end---------\r\n\r\n\r\n-id7-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/xmlrpc/libxmlrpc/base64.c?view=markup\r\n\r\n26 b->data = malloc(sizeof(char)*(b->length));\r\n27 b->data[0] = 0;\r\n\r\n38 b->data = realloc(b->data, b->length);\r\n39 b->ptr = b->data + b->offset;\r\n-id7-end---------\r\n\r\n\r\n-id8-start---------\r\nhttp://svn.php.net/viewvc/php/php-src/trunk/TSRM/tsrm_win32.c?view=markup\r\n\r\n532 cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2);\r\n533 sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command);\r\n534 if (asuser) {\r\n535 res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process);\r\n536 CloseHandle(token_user);\r\n-id8-end---------\r\n\r\n\r\n--- 2. PoC (realloc/malloc) ---\r\nThis proof of concept was verified on NetBSD with php 5.3.7.\r\n\r\n127# ulimit -m 100000\r\n127# ulimit -v 100000 \r\n127# cat /www/strtotime.php\r\n<?php\r\n$strx=str_repeat("A",$argv[1]);\r\nvar_dump(strtotime($strx));\r\n?>127# \r\n127# /cxib/5371/build/bin/php /www/strtotime.php 33388888 \r\nMemory fault (core dumped) \r\n\r\n127# gdb -q /cxib/5371/build/bin/php\r\n(gdb) r /www/strtotime.php 33388888\r\nStarting program: /cxib/5371/build/bin/php /www/strtotime.php 33388888\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x0806e8bd in add_error (s=0xbfbfcf90, \r\n error=0x83ea7d8 "Double timezone specification")\r\n at /cxib/5371/ext/date/lib/parse_date.c:355\r\n355 s->errors->error_messages[s->errors->error_count - 1].position = s->tok ? s->tok - s->str : 0;\r\n(gdb) print s->errors->error_messages\r\n$1 = (struct timelib_error_message *) 0x0\r\n(gdb) print s->errors->error_count\r\n$2 = 1835009\r\n\r\n\r\n--- 3. Fix ---\r\nUse PHP 5.3.7\r\n\r\n\r\n--- 4. Greets ---\r\nPHP Team for fixes and discussions.\r\n\r\nsp3x infospec\r\n\r\n\r\n--- 5. Contact ---\r\nAuthor: Maksymilian Arciemowicz\r\n\r\nEmail:\r\n- cxib {a\./t] securityreason [d=t} com\r\n\r\nGPG:\r\n- http://securityreason.com/key/Arciemowicz.Maksymilian.gpg\r\n\r\nhttp://securityreason.com/\r\nhttp://securityreason.net/\r\nhttp://cxib.net/\r\n", "published": "2011-08-27T00:00:00", "modified": "2011-08-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26930", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:41", "edition": 1, "viewCount": 38, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:10:41", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-7273", "CVE-2014-2595", "CVE-2015-9286", "CVE-2008-7272"]}, {"type": "zdt", "idList": ["1337DAY-ID-26930"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32659", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658", "SECURITYVULNS:VULN:14754"]}], "modified": "2018-08-31T11:10:41", "rev": 2}, "vulnersScore": 5.9}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"nessus": [{"id": "DEBIAN_DLA-2689.NASL", "hash": "687febba0d13c0a256e85cc9f0acee15", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "https://security-tracker.debian.org/tracker/source-package/linux", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-10-08T23:43:56", "history": [{"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "cd178c4e4365cb4b5cbfbb5dafc0fd2eff163be37b352a079e898af1e7f94485", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "https://packages.debian.org/source/stretch/linux", "https://security-tracker.debian.org/tracker/source-package/linux"], "cvelist": ["CVE-2021-32399", "CVE-2020-36322", "CVE-2020-25670", "CVE-2020-24588", "CVE-2021-33034", "CVE-2021-29265", "CVE-2020-25671", "CVE-2021-29650", "CVE-2021-23133", "CVE-2021-3564", "CVE-2021-28688", "CVE-2021-0129", "CVE-2021-3573", "CVE-2021-23134", "CVE-2021-30002", "CVE-2021-28964", "CVE-2021-29154", "CVE-2020-26558", "CVE-2021-20292", "CVE-2020-26139", "CVE-2021-26930", "CVE-2021-28660", "CVE-2020-29374", "CVE-2021-28950", "CVE-2021-28971", "CVE-2020-26147", "CVE-2021-31916", "CVE-2020-25672", "CVE-2020-24586", "CVE-2021-29647", "CVE-2021-3483", "CVE-2021-3587", "CVE-2020-24587", "CVE-2021-3428"], "immutableFields": [], "lastseen": "2021-06-25T15:00:33", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"modified": "2021-06-25T15:00:33", "references": [{"idList": ["AL2_ALAS-2021-1627.NASL", "UBUNTU_USN-4979-1.NASL", "EULEROS_SA-2021-1967.NASL", "DEBIAN_DLA-2690.NASL", "UBUNTU_USN-4984-1.NASL", "UBUNTU_USN-4982-1.NASL", "ALA_ALAS-2021-1503.NASL", "ORACLELINUX_ELSA-2021-9223.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "EULEROS_SA-2021-1971.NASL"], "type": "nessus"}, {"idList": ["ALAS-2021-1503", "ALAS2-2021-1627"], "type": "amazon"}, {"idList": ["RH:CVE-2021-29647", "RH:CVE-2021-33034", "RH:CVE-2021-31916", "RH:CVE-2021-23134", "RH:CVE-2021-20292", "RH:CVE-2021-28660", "RH:CVE-2021-32399", "RH:CVE-2021-29265", "RH:CVE-2021-30002", "RH:CVE-2021-28950"], "type": "redhatcve"}, {"idList": ["ELSA-2021-9223", "ELSA-2021-9222"], "type": "oraclelinux"}, {"idList": ["CVE-2021-32399", "CVE-2021-33034", "CVE-2021-29265", "CVE-2021-28688", "CVE-2021-23134", "CVE-2021-30002", "CVE-2021-20292", "CVE-2021-28950", "CVE-2021-31916", "CVE-2021-29647"], "type": "cve"}, {"idList": ["USN-4984-1", "USN-4982-1", "USN-5001-1", "USN-4979-1", "USN-4946-1", "USN-5000-2", "USN-5000-1"], "type": "ubuntu"}, {"idList": ["UB:CVE-2021-31916", "UB:CVE-2021-28688", "UB:CVE-2021-23134", "UB:CVE-2021-33034", "UB:CVE-2021-29647", "UB:CVE-2021-32399", "UB:CVE-2021-28950", "UB:CVE-2021-30002", "UB:CVE-2021-20292", "UB:CVE-2021-29265"], "type": "ubuntucve"}, {"idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"], "type": "debian"}], "rev": 2}, "score": {"modified": "2021-06-25T15:00:33", "rev": 2, "value": 5.8, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/24\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "cpe:/o:debian:debian_linux:9.0"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-06-25T15:00:33", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "2e8ac2fe96900266dd8db592860d183d4e0bf25d341ecf93550732320fc05484", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "https://packages.debian.org/source/stretch/linux", "https://security-tracker.debian.org/tracker/source-package/linux"], "cvelist": ["CVE-2021-32399", "CVE-2020-36322", "CVE-2020-25670", "CVE-2020-24588", "CVE-2021-33034", "CVE-2021-29265", "CVE-2020-25671", "CVE-2021-29650", "CVE-2021-23133", "CVE-2021-3564", "CVE-2021-28688", "CVE-2021-0129", "CVE-2021-3573", "CVE-2021-23134", "CVE-2021-30002", "CVE-2021-28964", "CVE-2021-29154", "CVE-2020-26558", "CVE-2021-20292", "CVE-2020-26139", "CVE-2021-26930", "CVE-2021-28660", "CVE-2020-29374", "CVE-2021-28950", "CVE-2021-28971", "CVE-2020-26147", "CVE-2021-31916", "CVE-2020-25672", "CVE-2020-24586", "CVE-2021-29647", "CVE-2021-3483", "CVE-2021-3587", "CVE-2020-24587", "CVE-2021-3428"], "immutableFields": [], "lastseen": "2021-07-01T23:01:04", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"modified": "2021-07-01T23:01:04", "references": [{"idList": ["SSA-2021-202-01"], "type": "slackware"}, {"idList": ["CVE-2021-29265", "CVE-2021-28688", "CVE-2021-23134", "CVE-2021-30002", "CVE-2021-20292", "CVE-2021-26930", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-31916"], "type": "cve"}, {"idList": ["ALAS-2021-1503", "ALAS2-2021-1685", "ALAS2-2021-1627"], "type": "amazon"}, {"idList": ["USN-4984-1", "USN-4982-1", "USN-4979-1", "USN-5018-1", "USN-4946-1"], "type": "ubuntu"}, {"idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0947-1"], "type": "suse"}, {"idList": ["UB:CVE-2021-28971", "UB:CVE-2021-31916", "UB:CVE-2021-28688", "UB:CVE-2021-23134", "UB:CVE-2021-26930", "UB:CVE-2021-28660", "UB:CVE-2021-28950", "UB:CVE-2021-30002", "UB:CVE-2021-20292", "UB:CVE-2021-29265"], "type": "ubuntucve"}, {"idList": ["ELSA-2021-9223", "ELSA-2021-9222"], "type": "oraclelinux"}, {"idList": ["RH:CVE-2021-29647", "RH:CVE-2021-31916", "RH:CVE-2021-23134", "RH:CVE-2021-20292", "RH:CVE-2021-28660", "RH:CVE-2021-32399", "RH:CVE-2021-29265", "RH:CVE-2021-30002", "RH:CVE-2021-28971", "RH:CVE-2021-28950"], "type": "redhatcve"}, {"idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/"], "type": "metasploit"}, {"idList": ["AL2_ALAS-2021-1627.NASL", "UBUNTU_USN-4979-1.NASL", "EULEROS_SA-2021-1967.NASL", "DEBIAN_DLA-2690.NASL", "EULEROS_SA-2021-2062.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "UBUNTU_USN-4982-1.NASL", "ALA_ALAS-2021-1503.NASL", "AL2_ALAS-2021-1685.NASL", "EULEROS_SA-2021-1971.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"], "type": "debian"}], "rev": 2}, "score": {"modified": "2021-07-01T23:01:04", "rev": 2, "value": 5.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "cpe:/o:debian:debian_linux:9.0"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-01T23:01:04", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "825adc532539f92eef457da88db0f3cf", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "https://packages.debian.org/source/stretch/linux", "https://security-tracker.debian.org/tracker/source-package/linux"], "cvelist": ["CVE-2021-32399", "CVE-2020-36322", "CVE-2020-25670", "CVE-2020-24588", "CVE-2021-33034", "CVE-2021-29265", "CVE-2020-25671", "CVE-2021-29650", "CVE-2021-23133", "CVE-2021-3564", "CVE-2021-28688", "CVE-2021-0129", "CVE-2021-3573", "CVE-2021-23134", "CVE-2021-30002", "CVE-2021-28964", "CVE-2021-29154", "CVE-2020-26558", "CVE-2021-20292", "CVE-2020-26139", "CVE-2021-26930", "CVE-2021-28660", "CVE-2020-29374", "CVE-2021-28950", "CVE-2021-28971", "CVE-2020-26147", "CVE-2021-31916", "CVE-2020-25672", "CVE-2020-24586", "CVE-2021-29647", "CVE-2021-3483", "CVE-2021-3587", "CVE-2020-24587", "CVE-2021-3428"], "immutableFields": [], "lastseen": "2021-07-28T22:59:40", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["UBUNTU_USN-4979-1.NASL", "DEBIAN_DLA-2690.NASL", "UBUNTU_USN-4982-1.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "EULEROS_SA-2021-1967.NASL", "AL2_ALAS-2021-1685.NASL", "AL2_ALAS-2021-1627.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-2062.NASL", "ALA_ALAS-2021-1503.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-4946-1", "USN-4982-1", "USN-5018-1", "USN-4979-1", "USN-4984-1"]}, {"type": "amazon", "idList": ["ALAS2-2021-1685", "ALAS2-2021-1627", "ALAS-2021-1503"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/"]}, {"type": "cve", "idList": ["CVE-2021-28660", "CVE-2021-29647", "CVE-2021-23134", "CVE-2021-26930", "CVE-2021-28688", "CVE-2021-31916", "CVE-2021-20292", "CVE-2021-29265", "CVE-2021-30002", "CVE-2021-28971"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-31916", "RH:CVE-2021-29647", "RH:CVE-2021-29265", "RH:CVE-2021-23134", "RH:CVE-2021-29650", "RH:CVE-2021-28660", "RH:CVE-2021-32399", "RH:CVE-2021-20292", "RH:CVE-2021-30002", "RH:CVE-2021-28971"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29647", "UB:CVE-2021-28971", "UB:CVE-2021-30002", "UB:CVE-2021-28688", "UB:CVE-2021-26930", "UB:CVE-2021-31916", "UB:CVE-2021-29265", "UB:CVE-2021-28660", "UB:CVE-2021-23134", "UB:CVE-2021-20292"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0579-1"]}], "modified": "2021-07-28T22:59:40", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-07-28T22:59:40", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "cpe:/o:debian:debian_linux:9.0"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T22:59:40", "differentElements": ["cpe", "cvelist", "cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "d53aec08375711724ed0d4ee54276115", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-05T12:46:54", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1967.NASL", "AL2_ALAS-2021-1685.NASL", "EULEROS_SA-2021-2062.NASL", "DEBIAN_DLA-2690.NASL", "EULEROS_SA-2021-1971.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "ALA_ALAS-2021-1503.NASL", "UBUNTU_USN-4979-1.NASL", "AL2_ALAS-2021-1627.NASL", "UBUNTU_USN-4982-1.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-4979-1", "USN-5018-1", "USN-4982-1", "USN-4984-1"]}, {"type": "amazon", "idList": ["ALAS2-2021-1685", "ALAS-2021-1503", "ALAS2-2021-1627"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/", "MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29265", "RH:CVE-2021-31916", "RH:CVE-2021-28964", "RH:CVE-2021-28950", "RH:CVE-2021-28660", "RH:CVE-2021-30002", "RH:CVE-2021-20292", "RH:CVE-2021-28971", "RH:CVE-2021-29647", "RH:CVE-2021-23134"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-28971", "UB:CVE-2021-28688", "UB:CVE-2021-28964", "UB:CVE-2021-23134", "UB:CVE-2021-28950", "UB:CVE-2021-28660", "UB:CVE-2021-20292", "UB:CVE-2021-29265", "UB:CVE-2021-31916", "UB:CVE-2021-30002"]}, {"type": "cve", "idList": ["CVE-2021-23134", "CVE-2021-28971", "CVE-2021-30002", "CVE-2021-20292", "CVE-2021-28950", "CVE-2021-28660", "CVE-2021-31916", "CVE-2021-28964", "CVE-2021-29265", "CVE-2021-28688"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0579-1"]}], "modified": "2021-08-05T12:46:54", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-05T12:46:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": [], "solution": "Upgrade the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:46:54", "differentElements": ["cpe"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "ff806c650f31bbe52c7e50b06eddcafc", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-06T13:22:46", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1967.NASL", "AL2_ALAS-2021-1685.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "UBUNTU_USN-4979-1.NASL", "AL2_ALAS-2021-1627.NASL", "ALA_ALAS-2021-1503.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-2062.NASL", "DEBIAN_DLA-2690.NASL", "UBUNTU_USN-4982-1.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-5046-1", "USN-5000-2", "USN-5018-1", "USN-5000-1", "USN-4982-1", "USN-4979-1", "USN-5001-1", "USN-4984-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:58E18367C5A247865E715DF802E7BD7E", "CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "amazon", "idList": ["ALAS2-2021-1627", "ALAS2-2021-1685", "ALAS-2021-1503"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "cve", "idList": ["CVE-2021-29265", "CVE-2021-28971", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-20292", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-30002", "CVE-2021-28688", "CVE-2021-23134"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28964", "RH:CVE-2021-31916", "RH:CVE-2021-30002", "RH:CVE-2021-23134", "RH:CVE-2021-29647", "RH:CVE-2021-28971", "RH:CVE-2021-28950", "RH:CVE-2021-20292", "RH:CVE-2021-29265", "RH:CVE-2021-28660"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29647", "UB:CVE-2021-28971", "UB:CVE-2021-20292", "UB:CVE-2021-28660", "UB:CVE-2021-28950", "UB:CVE-2021-23134", "UB:CVE-2021-30002", "UB:CVE-2021-29265", "UB:CVE-2021-28688", "UB:CVE-2021-31916"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0843-1"]}], "modified": "2021-08-06T13:22:46", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-06T13:22:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:22:46", "differentElements": ["nessusSeverity"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "687febba0d13c0a256e85cc9f0acee15", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-19T12:00:04", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1627.NASL", "AL2_ALAS-2021-1685.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-2062.NASL", "ALA_ALAS-2021-1503.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "UBUNTU_USN-4979-1.NASL", "DEBIAN_DLA-2690.NASL", "EULEROS_SA-2021-1967.NASL", "UBUNTU_USN-4982-1.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-4979-1", "USN-5046-1", "USN-4984-1", "USN-5018-1", "USN-4982-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "amazon", "idList": ["ALAS2-2021-1627", "ALAS-2021-1503", "ALAS2-2021-1685"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-20292", "UB:CVE-2021-28971", "UB:CVE-2021-28950", "UB:CVE-2021-28964", "UB:CVE-2021-29650", "UB:CVE-2021-30002", "UB:CVE-2021-31916", "UB:CVE-2021-29647", "UB:CVE-2021-28660", "UB:CVE-2021-29265"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28950", "RH:CVE-2021-29647", "RH:CVE-2021-29265", "RH:CVE-2021-20292", "RH:CVE-2021-31916", "RH:CVE-2021-28964", "RH:CVE-2021-29650", "RH:CVE-2021-28660", "RH:CVE-2021-30002", "RH:CVE-2021-28971"]}, {"type": "cve", "idList": ["CVE-2021-28660", "CVE-2021-28964", "CVE-2021-31916", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-29265", "CVE-2021-20292", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29650"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9222", "ELSA-2021-9223"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0579-1"]}], "modified": "2021-08-19T12:00:04", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-19T12:00:04", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:00:04", "differentElements": ["vpr"], "edition": 6}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "9c9beec9da3804234566cb5de4b9bb7c", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-28T11:39:43", "history": [], "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1967.NASL", "AL2_ALAS-2021-1627.NASL", "EULEROS_SA-2021-2062.NASL", "AL2_ALAS-2021-1685.NASL", "UBUNTU_USN-4982-1.NASL", "DEBIAN_DLA-2690.NASL", "ALA_ALAS-2021-1503.NASL", "EULEROS_SA-2021-1971.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "UBUNTU_USN-4979-1.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-5018-1", "USN-4979-1", "USN-4984-1", "USN-4982-1", "USN-5046-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "amazon", "idList": ["ALAS2-2021-1685", "ALAS2-2021-1627", "ALAS-2021-1503"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/"]}, {"type": "cve", "idList": ["CVE-2021-29265", "CVE-2021-20292", "CVE-2021-28971", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-29647", "CVE-2021-28660", "CVE-2021-28950"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-28660", "UB:CVE-2021-28964", "UB:CVE-2021-29265", "UB:CVE-2021-28950", "UB:CVE-2021-30002", "UB:CVE-2021-20292", "UB:CVE-2021-28688", "UB:CVE-2021-31916", "UB:CVE-2021-29647", "UB:CVE-2021-28971"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28964", "RH:CVE-2021-30002", "RH:CVE-2021-28660", "RH:CVE-2021-29647", "RH:CVE-2021-23134", "RH:CVE-2021-28971", "RH:CVE-2021-28950", "RH:CVE-2021-20292", "RH:CVE-2021-29265", "RH:CVE-2021-31916"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0579-1"]}], "modified": "2021-08-28T11:39:43", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-28T11:39:43", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-28T11:39:43", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "687febba0d13c0a256e85cc9f0acee15", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "https://security-tracker.debian.org/tracker/source-package/linux", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-09-04T00:23:05", "history": [], "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["ALA_ALAS-2021-1503.NASL", "UBUNTU_USN-4982-1.NASL", "DEBIAN_DLA-2690.NASL", "AL2_ALAS-2021-1627.NASL", "UBUNTU_USN-4979-1.NASL", "AL2_ALAS-2021-1685.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-1967.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "EULEROS_SA-2021-1971.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-5018-1", "USN-4984-1", "USN-4982-1", "USN-4979-1", "USN-5046-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS2-2021-1685", "ALAS2-2021-1627"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29265", "UB:CVE-2021-28688", "UB:CVE-2021-31916", "UB:CVE-2021-20292", "UB:CVE-2021-30002", "UB:CVE-2021-28950", "UB:CVE-2021-28660", "UB:CVE-2021-28971", "UB:CVE-2020-29374", "UB:CVE-2021-29647"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20292", "RH:CVE-2021-29265", "RH:CVE-2020-29374", "RH:CVE-2021-23133", "RH:CVE-2021-28950", "RH:CVE-2021-29647", "RH:CVE-2021-28971", "RH:CVE-2021-30002", "RH:CVE-2021-31916", "RH:CVE-2021-28660"]}, {"type": "cve", "idList": ["CVE-2021-29265", "CVE-2021-28660", "CVE-2021-28971", "CVE-2021-31916", "CVE-2021-30002", "CVE-2021-28688", "CVE-2020-29374", "CVE-2021-20292", "CVE-2021-28950", "CVE-2021-29647"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9222", "ELSA-2021-9223"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0579-1"]}], "modified": "2021-09-04T00:23:05", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-09-04T00:23:05", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-04T00:23:05", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "9c9beec9da3804234566cb5de4b9bb7c", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-09-04T23:38:52", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["ALA_ALAS-2021-1503.NASL", "EULEROS_SA-2021-2221.NASL", "UBUNTU_USN-5000-2.NASL", "SUSE_SU-2021-1912-1.NASL", "EULEROS_SA-2021-1971.NASL", "SUSE_SU-2021-1899-1.NASL", "EULEROS_SA-2021-2195.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "UBUNTU_USN-5018-1.NASL", "UBUNTU_USN-4984-1.NASL", "OPENSUSE-2021-843.NASL", "SUSE_SU-2021-1890-1.NASL", "OPENSUSE-2021-579.NASL", "SUSE_SU-2021-1888-1.NASL", "SUSE_SU-2021-1913-1.NASL", "EULEROS_SA-2021-2062.NASL", "OPENSUSE-2021-947.NASL", "DEBIAN_DLA-2690.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "AL2_ALAS-2021-1685.NASL", "UBUNTU_USN-4979-1.NASL", "EULEROS_SA-2021-2051.NASL", "UBUNTU_USN-4982-1.NASL", "UBUNTU_USN-5000-1.NASL", "EULEROS_SA-2021-2336.NASL", "AL2_ALAS-2021-1627.NASL", "EULEROS_SA-2021-1967.NASL", "SUSE_SU-2021-2208-1.NASL", "EULEROS_SA-2021-2246.NASL", "SUSE_SU-2021-1889-1.NASL", "SUSE_SU-2021-1891-1.NASL", "SUSE_SU-2021-1887-1.NASL", "UBUNTU_USN-5001-1.NASL", "ORACLELINUX_ELSA-2021-9223.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-5000-1", "USN-4982-1", "USN-5046-1", "USN-5000-2", "USN-5001-1", "USN-4979-1", "USN-5018-1", "USN-4984-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23", "CFOUNDRY:58E18367C5A247865E715DF802E7BD7E"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS2-2021-1685", "ALAS2-2021-1627"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0579-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29647", "UB:CVE-2021-29650", "UB:CVE-2021-23133", "UB:CVE-2021-28971", "UB:CVE-2021-31916", "UB:CVE-2021-28964", "UB:CVE-2021-20292", "UB:CVE-2021-30002", "UB:CVE-2021-28950", "UB:CVE-2020-29374", "UB:CVE-2021-23134", "UB:CVE-2021-28660", "UB:CVE-2021-28688", "UB:CVE-2021-29265"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28964", "RH:CVE-2020-29374", "RH:CVE-2021-20292", "RH:CVE-2021-29650", "RH:CVE-2021-30002", "RH:CVE-2021-23133", "RH:CVE-2021-29647", "RH:CVE-2021-29265", "RH:CVE-2021-28950", "RH:CVE-2021-28660", "RH:CVE-2021-23134", "RH:CVE-2021-28971", "RH:CVE-2021-31916"]}, {"type": "cve", "idList": ["CVE-2021-28950", "CVE-2021-29650", "CVE-2021-20292", "CVE-2021-31916", "CVE-2021-28660", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-29647", "CVE-2021-28971", "CVE-2021-29265", "CVE-2021-23133", "CVE-2020-29374", "CVE-2021-30002"]}], "modified": "2021-09-04T23:38:52", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-09-04T23:38:52", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-04T23:38:52", "differentElements": ["vpr"], "edition": 9}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "334b263670d80c06b89465b4e3ca6130", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-10-03T12:01:11", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["ALA_ALAS-2021-1503.NASL", "EULEROS_SA-2021-2221.NASL", "UBUNTU_USN-5000-2.NASL", "SUSE_SU-2021-1912-1.NASL", "EULEROS_SA-2021-1971.NASL", "SUSE_SU-2021-1899-1.NASL", "EULEROS_SA-2021-2195.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "UBUNTU_USN-5018-1.NASL", "UBUNTU_USN-4984-1.NASL", "OPENSUSE-2021-843.NASL", "SUSE_SU-2021-1890-1.NASL", "OPENSUSE-2021-579.NASL", "SUSE_SU-2021-1888-1.NASL", "SUSE_SU-2021-1913-1.NASL", "EULEROS_SA-2021-2062.NASL", "OPENSUSE-2021-947.NASL", "DEBIAN_DLA-2690.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "AL2_ALAS-2021-1685.NASL", "UBUNTU_USN-4979-1.NASL", "EULEROS_SA-2021-2051.NASL", "UBUNTU_USN-4982-1.NASL", "UBUNTU_USN-5000-1.NASL", "EULEROS_SA-2021-2336.NASL", "AL2_ALAS-2021-1627.NASL", "EULEROS_SA-2021-1967.NASL", "SUSE_SU-2021-2208-1.NASL", "EULEROS_SA-2021-2246.NASL", "SUSE_SU-2021-1889-1.NASL", "SUSE_SU-2021-1891-1.NASL", "SUSE_SU-2021-1887-1.NASL", "UBUNTU_USN-5001-1.NASL", "ORACLELINUX_ELSA-2021-9223.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-5000-1", "USN-4982-1", "USN-5046-1", "USN-5000-2", "USN-5001-1", "USN-4979-1", "USN-5018-1", "USN-4984-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23", "CFOUNDRY:58E18367C5A247865E715DF802E7BD7E"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS2-2021-1685", "ALAS2-2021-1627"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0579-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29647", "UB:CVE-2021-29650", "UB:CVE-2021-23133", "UB:CVE-2021-28971", "UB:CVE-2021-31916", "UB:CVE-2021-28964", "UB:CVE-2021-20292", "UB:CVE-2021-30002", "UB:CVE-2021-28950", "UB:CVE-2020-29374", "UB:CVE-2021-23134", "UB:CVE-2021-28660", "UB:CVE-2021-28688", "UB:CVE-2021-29265"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28964", "RH:CVE-2020-29374", "RH:CVE-2021-20292", "RH:CVE-2021-29650", "RH:CVE-2021-30002", "RH:CVE-2021-23133", "RH:CVE-2021-29647", "RH:CVE-2021-29265", "RH:CVE-2021-28950", "RH:CVE-2021-28660", "RH:CVE-2021-23134", "RH:CVE-2021-28971", "RH:CVE-2021-31916"]}, {"type": "cve", "idList": ["CVE-2021-28950", "CVE-2021-29650", "CVE-2021-20292", "CVE-2021-31916", "CVE-2021-28660", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-29647", "CVE-2021-28971", "CVE-2021-29265", "CVE-2021-23133", "CVE-2020-29374", "CVE-2021-30002"]}], "modified": "2021-09-04T23:38:52", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-09-04T23:38:52", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-03T12:01:11", "differentElements": ["vpr"], "edition": 10}, {"bulletin": {"id": "DEBIAN_DLA-2689.NASL", "hash": "8df28eb6c7c961b0634517a6c98d3e51", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2689-1 : linux security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150985", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "https://packages.debian.org/source/stretch/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "https://security-tracker.debian.org/tracker/source-package/linux", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-10-03T23:40:50", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1627.NASL", "EULEROS_SA-2021-2221.NASL", "UBUNTU_USN-4979-1.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "SUSE_SU-2021-1887-1.NASL", "AL2_ALAS-2021-1685.NASL", "SUSE_SU-2021-1913-1.NASL", "DEBIAN_DLA-2690.NASL", "EULEROS_SA-2021-2336.NASL", "OPENSUSE-2021-843.NASL", "SUSE_SU-2021-1889-1.NASL", "SUSE_SU-2021-1891-1.NASL", "EULEROS_SA-2021-2051.NASL", "SUSE_SU-2021-1890-1.NASL", "EULEROS_SA-2021-2062.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "EULEROS_SA-2021-1971.NASL", "OPENSUSE-2021-579.NASL", "SUSE_SU-2021-1899-1.NASL", "UBUNTU_USN-4984-1.NASL", "SUSE_SU-2021-1888-1.NASL", "UBUNTU_USN-4982-1.NASL", "ORACLELINUX_ELSA-2021-9223.NASL", "ALA_ALAS-2021-1503.NASL", "EULEROS_SA-2021-1967.NASL", "UBUNTU_USN-5018-1.NASL", "OPENSUSE-2021-947.NASL", "SUSE_SU-2021-1912-1.NASL", "SUSE_SU-2021-2208-1.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-4979-1", "USN-4984-1", "USN-5018-1", "USN-4982-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS2-2021-1627", "ALAS2-2021-1685"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/", "MSF:ILITIES/DEBIAN-CVE-2020-36322/"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30002", "RH:CVE-2021-23134", "RH:CVE-2021-20292", "RH:CVE-2021-23133", "RH:CVE-2021-28950", "RH:CVE-2020-26147", "RH:CVE-2021-29650", "RH:CVE-2021-28660", "RH:CVE-2020-26139", "RH:CVE-2021-33034", "RH:CVE-2021-29647", "RH:CVE-2021-28964", "RH:CVE-2021-31916", "RH:CVE-2021-29265", "RH:CVE-2021-28971", "RH:CVE-2020-29374"]}, {"type": "cve", "idList": ["CVE-2021-33034", "CVE-2020-29374", "CVE-2021-29650", "CVE-2021-28964", "CVE-2020-26139", "CVE-2020-24586", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-30002", "CVE-2021-28950", "CVE-2021-20292", "CVE-2020-26147", "CVE-2021-28971", "CVE-2021-23133", "CVE-2021-29265", "CVE-2021-23134", "CVE-2021-28660", "CVE-2021-28688"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-28964", "UB:CVE-2021-28660", "UB:CVE-2021-23134", "UB:CVE-2021-29647", "UB:CVE-2021-33034", "UB:CVE-2021-29265", "UB:CVE-2021-31916", "UB:CVE-2020-29374", "UB:CVE-2021-28971", "UB:CVE-2020-26139", "UB:CVE-2021-28688", "UB:CVE-2020-26147", "UB:CVE-2021-29650", "UB:CVE-2021-30002", "UB:CVE-2021-23133", "UB:CVE-2021-20292", "UB:CVE-2021-28950"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9222", "ELSA-2021-9223"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0843-1"]}], "modified": "2021-10-03T23:40:50", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-10-03T23:40:50", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-03T23:40:50", "differentElements": ["vpr"], "edition": 11}], "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["SUSE_SU-2021-1889-1.NASL", "AL2_ALAS-2021-1685.NASL", "SUSE_SU-2021-1913-1.NASL", "AL2_ALAS-2021-1627.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "SUSE_SU-2021-1912-1.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-2051.NASL", "OPENSUSE-2021-947.NASL", "OPENSUSE-2021-579.NASL", "SUSE_SU-2021-2208-1.NASL", "SUSE_SU-2021-1899-1.NASL", "UBUNTU_USN-4984-1.NASL", "SUSE_SU-2021-1887-1.NASL", "EULEROS_SA-2021-1967.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "EULEROS_SA-2021-2221.NASL", "ALA_ALAS-2021-1503.NASL", "UBUNTU_USN-4982-1.NASL", "SUSE_SU-2021-1890-1.NASL", "UBUNTU_USN-5018-1.NASL", "SUSE_SU-2021-1888-1.NASL", "SUSE_SU-2021-1891-1.NASL", "ORACLELINUX_ELSA-2021-9223.NASL", "UBUNTU_USN-4979-1.NASL", "DEBIAN_DLA-2690.NASL", "EULEROS_SA-2021-2336.NASL", "OPENSUSE-2021-843.NASL"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "ubuntu", "idList": ["USN-4982-1", "USN-5018-1", "USN-5046-1", "USN-4979-1", "USN-4984-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS2-2021-1627", "ALAS2-2021-1685"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-36322/", "MSF:ILITIES/DEBIAN-CVE-2020-36322/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-36322/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-28971", "UB:CVE-2021-28660", "UB:CVE-2020-24586", "UB:CVE-2020-26139", "UB:CVE-2021-29647", "UB:CVE-2021-28950", "UB:CVE-2021-28688", "UB:CVE-2021-30002", "UB:CVE-2021-29650", "UB:CVE-2020-26147", "UB:CVE-2021-31916", "UB:CVE-2020-29374", "UB:CVE-2021-20292", "UB:CVE-2021-23133", "UB:CVE-2021-29265", "UB:CVE-2021-23134", "UB:CVE-2021-28964"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20292", "RH:CVE-2021-30002", "RH:CVE-2020-29374", "RH:CVE-2021-28950", "RH:CVE-2021-28971", "RH:CVE-2021-29647", "RH:CVE-2021-28964", "RH:CVE-2020-26147", "RH:CVE-2020-24586", "RH:CVE-2021-23133", "RH:CVE-2020-26139", "RH:CVE-2021-29650", "RH:CVE-2021-28660", "RH:CVE-2021-29265", "RH:CVE-2021-23134", "RH:CVE-2021-31916"]}, {"type": "cve", "idList": ["CVE-2021-31916", "CVE-2020-26147", "CVE-2021-28950", "CVE-2020-29374", "CVE-2021-28660", "CVE-2021-23134", "CVE-2021-20292", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-29650", "CVE-2021-28964", "CVE-2021-29265", "CVE-2020-24586", "CVE-2021-28688", "CVE-2020-26139", "CVE-2021-28971", "CVE-2021-23133"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9223", "ELSA-2021-9222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0579-1"]}], "modified": "2021-10-08T23:43:56", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-10-08T23:43:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "DEBIAN_DLA-2690.NASL", "hash": "84ac23004aefb455fde3782c79340728", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could lead to an out-of-bounds read when accessing a crafted filesystem. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF (eBPF) verifier did not completely protect against information leaks due to speculative execution. A local user could exploit these to obtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some Freescale SoCs did not correctly handle a Rx queue overrun when jumbo packets were enabled. On systems using this driver and jumbo packets, an attacker on the network could exploit this to cause a denial of service (crash).\n\nThis driver is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949, #988352, and #989451; and includes many more bug fixes from stable updates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "https://packages.debian.org/source/stretch/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "https://security-tracker.debian.org/tracker/source-package/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2021-0129", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3483", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-10-08T23:43:16", "history": [{"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "8418b2feffeb54391d3e725f11fc22d39af39955ecc1c051fb350d5754fdc097", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/source-package/linux-4.19", "https://packages.debian.org/source/stretch/linux-4.19", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"], "cvelist": ["CVE-2021-32399", "CVE-2020-25670", "CVE-2020-24588", "CVE-2021-33034", "CVE-2020-25671", "CVE-2021-29650", "CVE-2021-23133", "CVE-2021-3564", "CVE-2021-29264", "CVE-2021-28688", "CVE-2021-0129", "CVE-2021-3573", "CVE-2021-23134", "CVE-2021-28964", "CVE-2021-29154", "CVE-2020-26558", "CVE-2020-26139", "CVE-2021-26930", "CVE-2021-29155", "CVE-2020-29374", "CVE-2021-3506", "CVE-2021-28971", "CVE-2020-26147", "CVE-2021-31916", "CVE-2020-25672", "CVE-2020-24586", "CVE-2021-31829", "CVE-2021-29647", "CVE-2021-3483", "CVE-2021-3587", "CVE-2020-24587"], "immutableFields": [], "lastseen": "2021-06-25T15:00:34", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-06-25T15:00:34", "references": [{"idList": ["UB:CVE-2021-28971", "UB:CVE-2021-31829", "UB:CVE-2021-31916", "UB:CVE-2021-29264", "UB:CVE-2021-28688", "UB:CVE-2021-23134", "UB:CVE-2021-33034", "UB:CVE-2021-29647", "UB:CVE-2021-32399", "UB:CVE-2021-29155"], "type": "ubuntucve"}, {"idList": ["ALAS-2021-1503", "ALAS2-2021-1636"], "type": "amazon"}, {"idList": ["CVE-2021-32399", "CVE-2021-33034", "CVE-2021-29264", "CVE-2021-28688", "CVE-2021-23134", "CVE-2021-29155", "CVE-2021-28971", "CVE-2021-31916", "CVE-2021-31829", "CVE-2021-29647"], "type": "cve"}, {"idList": ["RH:CVE-2021-29647", "RH:CVE-2021-33034", "RH:CVE-2021-31916", "RH:CVE-2021-23134", "RH:CVE-2021-31829", "RH:CVE-2021-23133", "RH:CVE-2021-32399", "RH:CVE-2021-29264", "RH:CVE-2021-29155", "RH:CVE-2021-28971"], "type": "redhatcve"}, {"idList": ["USN-4997-2", "USN-4997-1", "USN-4982-1", "USN-5001-1", "USN-4979-1", "USN-5000-2", "USN-4999-1", "USN-5000-1", "USN-4948-1"], "type": "ubuntu"}, {"idList": ["AKB:BAAFFD25-660E-40C6-8978-DD33365E66B6"], "type": "attackerkb"}, {"idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"], "type": "debian"}, {"idList": ["SUSE_SU-2021-1887-1.NASL", "UBUNTU_USN-5001-1.NASL", "UBUNTU_USN-4997-1.NASL", "UBUNTU_USN-5000-1.NASL", "UBUNTU_USN-4999-1.NASL", "UBUNTU_USN-4982-1.NASL", "ALA_ALAS-2021-1503.NASL", "AL2_ALAS-2021-1636.NASL", "DEBIAN_DLA-2689.NASL", "SUSE_SU-2021-1891-1.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-06-25T15:00:34", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/24\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "cpe:/o:debian:debian_linux:9.0"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-06-25T15:00:34", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "48d469c3c712ed5ee34eac11c1b8e49702a030893be31437e84734c02660a119", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/source-package/linux-4.19", "https://packages.debian.org/source/stretch/linux-4.19", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"], "cvelist": ["CVE-2021-32399", "CVE-2020-25670", "CVE-2020-24588", "CVE-2021-33034", "CVE-2020-25671", "CVE-2021-29650", "CVE-2021-23133", "CVE-2021-3564", "CVE-2021-29264", "CVE-2021-28688", "CVE-2021-0129", "CVE-2021-3573", "CVE-2021-23134", "CVE-2021-28964", "CVE-2021-29154", "CVE-2020-26558", "CVE-2020-26139", "CVE-2021-26930", "CVE-2021-29155", "CVE-2020-29374", "CVE-2021-3506", "CVE-2021-28971", "CVE-2020-26147", "CVE-2021-31916", "CVE-2020-25672", "CVE-2020-24586", "CVE-2021-31829", "CVE-2021-29647", "CVE-2021-3483", "CVE-2021-3587", "CVE-2020-24587"], "immutableFields": [], "lastseen": "2021-07-01T23:01:04", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-07-01T23:01:04", "references": [{"idList": ["RH:CVE-2021-29647", "RH:CVE-2021-31916", "RH:CVE-2021-23134", "RH:CVE-2021-31829", "RH:CVE-2021-23133", "RH:CVE-2020-29374", "RH:CVE-2021-28964", "RH:CVE-2021-29264", "RH:CVE-2021-29155", "RH:CVE-2021-28971"], "type": "redhatcve"}, {"idList": ["USN-4997-2", "USN-4997-1", "USN-4982-1", "USN-5001-1", "USN-4979-1", "USN-5018-1", "USN-5000-2", "USN-4999-1", "USN-5000-1"], "type": "ubuntu"}, {"idList": ["SSA-2021-202-01"], "type": "slackware"}, {"idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1"], "type": "suse"}, {"idList": ["ORACLELINUX_ELSA-2021-9363.NASL", "UBUNTU_USN-5000-1.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "UBUNTU_USN-4982-1.NASL", "UBUNTU_USN-5018-1.NASL", "EULEROS_SA-2021-2195.NASL", "ALA_ALAS-2021-1503.NASL", "AL2_ALAS-2021-1685.NASL", "ORACLELINUX_ELSA-2021-9362.NASL", "DEBIAN_DLA-2689.NASL"], "type": "nessus"}, {"idList": ["CVE-2021-29264", "CVE-2021-28688", "CVE-2021-23134", "CVE-2021-28964", "CVE-2021-26930", "CVE-2021-29155", "CVE-2021-28971", "CVE-2021-31916", "CVE-2021-31829", "CVE-2021-29647"], "type": "cve"}, {"idList": ["ELSA-2021-9362", "ELSA-2021-9363"], "type": "oraclelinux"}, {"idList": ["ALAS-2021-1503", "ALAS2-2021-1685", "ALAS2-2021-1636"], "type": "amazon"}, {"idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"], "type": "debian"}, {"idList": ["UB:CVE-2021-28971", "UB:CVE-2021-31829", "UB:CVE-2021-31916", "UB:CVE-2021-29264", "UB:CVE-2021-28688", "UB:CVE-2021-23134", "UB:CVE-2021-26930", "UB:CVE-2021-29647", "UB:CVE-2021-29155", "UB:CVE-2021-28964"], "type": "ubuntucve"}], "rev": 2}, "score": {"modified": "2021-07-01T23:01:04", "rev": 2, "value": 6.2, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "cpe:/o:debian:debian_linux:9.0"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-01T23:01:04", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "b02d0eb0bfe3bde33c753b238629b5e3", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/source-package/linux-4.19", "https://packages.debian.org/source/stretch/linux-4.19", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"], "cvelist": ["CVE-2021-32399", "CVE-2020-25670", "CVE-2020-24588", "CVE-2021-33034", "CVE-2020-25671", "CVE-2021-29650", "CVE-2021-23133", "CVE-2021-3564", "CVE-2021-29264", "CVE-2021-28688", "CVE-2021-0129", "CVE-2021-3573", "CVE-2021-23134", "CVE-2021-28964", "CVE-2021-29154", "CVE-2020-26558", "CVE-2020-26139", "CVE-2021-26930", "CVE-2021-29155", "CVE-2020-29374", "CVE-2021-3506", "CVE-2021-28971", "CVE-2020-26147", "CVE-2021-31916", "CVE-2020-25672", "CVE-2020-24586", "CVE-2021-31829", "CVE-2021-29647", "CVE-2021-3483", "CVE-2021-3587", "CVE-2020-24587"], "immutableFields": [], "lastseen": "2021-07-28T22:59:41", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["ALA_ALAS-2021-1503.NASL", "UBUNTU_USN-4982-1.NASL", "DEBIAN_DLA-2689.NASL", "UBUNTU_USN-5000-1.NASL", "UBUNTU_USN-5018-1.NASL", "EULEROS_SA-2021-2195.NASL", "AL2_ALAS-2021-1685.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "ORACLELINUX_ELSA-2021-9362.NASL", "ORACLELINUX_ELSA-2021-9363.NASL"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS2-2021-1636", "ALAS2-2021-1685"]}, {"type": "ubuntu", "idList": ["USN-4982-1", "USN-4979-1", "USN-5000-1", "USN-5001-1", "USN-4948-1", "USN-5000-2", "USN-5018-1", "USN-4997-1", "USN-4997-2", "USN-4999-1"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9363", "ELSA-2021-9362"]}, {"type": "cve", "idList": ["CVE-2021-29647", "CVE-2021-26930", "CVE-2021-28964", "CVE-2021-28688", "CVE-2021-23134", "CVE-2021-29155", "CVE-2021-31829", "CVE-2021-28971", "CVE-2021-31916", "CVE-2021-29264"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29264", "UB:CVE-2021-29647", "UB:CVE-2021-23134", "UB:CVE-2021-31916", "UB:CVE-2021-28971", "UB:CVE-2021-28964", "UB:CVE-2021-31829", "UB:CVE-2021-28688", "UB:CVE-2021-26930", "UB:CVE-2021-29155"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-31916", "RH:CVE-2021-31829", "RH:CVE-2021-29264", "RH:CVE-2021-28971", "RH:CVE-2021-29647", "RH:CVE-2021-23133", "RH:CVE-2021-23134", "RH:CVE-2021-29155", "RH:CVE-2020-29374", "RH:CVE-2021-28964"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1"]}], "modified": "2021-07-28T22:59:41", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-07-28T22:59:41", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "cpe:/o:debian:debian_linux:9.0"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T22:59:41", "differentElements": ["cpe", "cvelist", "cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "3dc8e9e7d707849e34f64e4b559dde0b", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could lead to an out-of-bounds read when accessing a crafted filesystem. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF (eBPF) verifier did not completely protect against information leaks due to speculative execution. A local user could exploit these to obtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some Freescale SoCs did not correctly handle a Rx queue overrun when jumbo packets were enabled. On systems using this driver and jumbo packets, an attacker on the network could exploit this to cause a denial of service (crash).\n\nThis driver is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949, #988352, and #989451; and includes many more bug fixes from stable updates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/stretch/linux-4.19", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "https://security-tracker.debian.org/tracker/source-package/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2021-0129", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3483", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-05T12:47:07", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2021-9363.NASL", "AL2_ALAS-2021-1685.NASL", "ORACLELINUX_ELSA-2021-9362.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "UBUNTU_USN-5000-1.NASL", "UBUNTU_USN-4982-1.NASL", "EULEROS_SA-2021-2195.NASL", "UBUNTU_USN-5018-1.NASL", "DEBIAN_DLA-2689.NASL", "ALA_ALAS-2021-1503.NASL"]}, {"type": "amazon", "idList": ["ALAS2-2021-1685", "ALAS2-2021-1636", "ALAS-2021-1503"]}, {"type": "ubuntu", "idList": ["USN-4997-2", "USN-5000-1", "USN-5000-2", "USN-5001-1", "USN-4997-1", "USN-5018-1", "USN-4999-1", "USN-4982-1", "USN-4979-1"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9363", "ELSA-2021-9362"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-31829", "UB:CVE-2021-28964", "UB:CVE-2021-28688", "UB:CVE-2021-23133", "UB:CVE-2021-23134", "UB:CVE-2021-31916", "UB:CVE-2021-28971", "UB:CVE-2021-29647", "UB:CVE-2021-29155", "UB:CVE-2021-29264"]}, {"type": "cve", "idList": ["CVE-2021-23134", "CVE-2021-23133", "CVE-2021-28964", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-31829", "CVE-2021-28971", "CVE-2021-29647", "CVE-2021-28688", "CVE-2021-31916"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-29374", "RH:CVE-2021-31916", "RH:CVE-2021-28971", "RH:CVE-2021-29155", "RH:CVE-2021-31829", "RH:CVE-2021-29647", "RH:CVE-2021-28964", "RH:CVE-2021-29264", "RH:CVE-2021-23134", "RH:CVE-2021-23133"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1"]}], "modified": "2021-08-05T12:47:07", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-08-05T12:47:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": [], "solution": "Upgrade the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:47:07", "differentElements": ["cpe"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "c085505a89fbcc332fd8df577e8c0830", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could lead to an out-of-bounds read when accessing a crafted filesystem. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF (eBPF) verifier did not completely protect against information leaks due to speculative execution. A local user could exploit these to obtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some Freescale SoCs did not correctly handle a Rx queue overrun when jumbo packets were enabled. On systems using this driver and jumbo packets, an attacker on the network could exploit this to cause a denial of service (crash).\n\nThis driver is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949, #988352, and #989451; and includes many more bug fixes from stable updates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "https://packages.debian.org/source/stretch/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "https://security-tracker.debian.org/tracker/source-package/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2021-0129", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3483", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-06T13:22:57", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1685.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "EULEROS_SA-2021-2195.NASL", "UBUNTU_USN-5000-1.NASL", "DEBIAN_DLA-2689.NASL", "ORACLELINUX_ELSA-2021-9363.NASL", "ALA_ALAS-2021-1503.NASL", "UBUNTU_USN-5018-1.NASL", "UBUNTU_USN-4982-1.NASL", "ORACLELINUX_ELSA-2021-9362.NASL"]}, {"type": "amazon", "idList": ["ALAS2-2021-1685", "ALAS2-2021-1636", "ALAS-2021-1503"]}, {"type": "ubuntu", "idList": ["USN-5046-1", "USN-5000-2", "USN-5018-1", "USN-4997-1", "USN-5000-1", "USN-4999-1", "USN-4982-1", "USN-4979-1", "USN-5001-1", "USN-4997-2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:58E18367C5A247865E715DF802E7BD7E", "CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9362", "ELSA-2021-9363"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-29374", "RH:CVE-2021-28964", "RH:CVE-2021-29650", "RH:CVE-2021-31916", "RH:CVE-2021-29264", "RH:CVE-2021-23134", "RH:CVE-2021-29647", "RH:CVE-2021-29155", "RH:CVE-2021-31829", "RH:CVE-2021-28971"]}, {"type": "cve", "idList": ["CVE-2021-28964", "CVE-2021-28971", "CVE-2020-29374", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-29264", "CVE-2021-29155", "CVE-2021-31829", "CVE-2021-28688", "CVE-2021-23134"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-31829", "UB:CVE-2021-28971", "UB:CVE-2021-29647", "UB:CVE-2021-29155", "UB:CVE-2021-23134", "UB:CVE-2021-29264", "UB:CVE-2021-28688", "UB:CVE-2020-29374", "UB:CVE-2021-28964", "UB:CVE-2021-31916"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0843-1"]}], "modified": "2021-08-06T13:22:57", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-06T13:22:57", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:22:57", "differentElements": ["nessusSeverity"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "84ac23004aefb455fde3782c79340728", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could lead to an out-of-bounds read when accessing a crafted filesystem. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF (eBPF) verifier did not completely protect against information leaks due to speculative execution. A local user could exploit these to obtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some Freescale SoCs did not correctly handle a Rx queue overrun when jumbo packets were enabled. On systems using this driver and jumbo packets, an attacker on the network could exploit this to cause a denial of service (crash).\n\nThis driver is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949, #988352, and #989451; and includes many more bug fixes from stable updates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264", "https://packages.debian.org/source/stretch/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "https://security-tracker.debian.org/tracker/source-package/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2021-0129", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3483", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-19T12:00:28", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1685.NASL", "ALA_ALAS-2021-1503.NASL", "UBUNTU_USN-5018-1.NASL", "EULEROS_SA-2021-2195.NASL", "DEBIAN_DLA-2689.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "ORACLELINUX_ELSA-2021-9362.NASL", "ORACLELINUX_ELSA-2021-9363.NASL", "UBUNTU_USN-5000-1.NASL", "UBUNTU_USN-4982-1.NASL"]}, {"type": "amazon", "idList": ["ALAS2-2021-1636", "ALAS-2021-1503", "ALAS2-2021-1685"]}, {"type": "ubuntu", "idList": ["USN-5000-1", "USN-5000-2", "USN-4979-1", "USN-4997-2", "USN-4997-1", "USN-4999-1", "USN-5046-1", "USN-5001-1", "USN-5018-1", "USN-4982-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23", "CFOUNDRY:58E18367C5A247865E715DF802E7BD7E"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9362", "ELSA-2021-9363"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-28971", "UB:CVE-2021-28964", "UB:CVE-2021-23133", "UB:CVE-2021-28688", "UB:CVE-2021-31916", "UB:CVE-2021-29264", "UB:CVE-2021-29647", "UB:CVE-2021-31829", "UB:CVE-2021-29650", "UB:CVE-2021-29155"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29155", "RH:CVE-2021-29647", "RH:CVE-2021-31916", "RH:CVE-2021-28964", "RH:CVE-2021-29650", "RH:CVE-2021-23133", "RH:CVE-2021-23134", "RH:CVE-2021-29264", "RH:CVE-2021-28971", "RH:CVE-2021-31829"]}, {"type": "cve", "idList": ["CVE-2021-29264", "CVE-2021-23133", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-31916", "CVE-2021-31829", "CVE-2021-29647", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29650"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0843-1", "OPENSUSE-SU-2021:0947-1"]}], "modified": "2021-08-19T12:00:28", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-19T12:00:28", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to caue a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-06-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:00:28", "differentElements": ["vpr"], "edition": 6}, {"bulletin": {"id": "DEBIAN_DLA-2690.NASL", "hash": "bb0f35d49fd541229c82867fa4fc3b2b", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2690-1 : linux-4.19 security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered that a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could lead to an out-of-bounds read when accessing a crafted filesystem. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to caue a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF (eBPF) verifier did not completely protect against information leaks due to speculative execution. A local user could exploit these to obtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some Freescale SoCs did not correctly handle a Rx queue overrun when jumbo packets were enabled. On systems using this driver and jumbo packets, an attacker on the network could exploit this to cause a denial of service (crash).\n\nThis driver is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949, #988352, and #989451; and includes many more bug fixes from stable updates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-06-24T00:00:00", "modified": "2021-06-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/150984", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139", "https://packages.debian.org/source/stretch/linux-4.19", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28964", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28971", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "https://security-tracker.debian.org/tracker/source-package/linux-4.19", "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134"], "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2021-0129", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3483", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "immutableFields": [], "lastseen": "2021-08-28T11:39:07", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2689-1:31A23"]}, {"type": "nessus", "idList": ["UBUNTU_USN-5018-1.NASL", "UBUNTU_USN-5000-1.NASL", "AL2_ALAS-2021-1685.NASL", "ORACLELINUX_ELSA-2021-9362.NASL", "UBUNTU_USN-4982-1.NASL", "ALA_ALAS-2021-1503.NASL", "EULEROS_SA-2021-2195.NASL", "DEBIAN_DLA-2689.NASL", "ORACLELINUX_ELSA-2021-9363.NASL", "SLACKWARE_SSA_2021-202-01.NASL"]}, {"type": "amazon", "idList": ["ALAS2-2021-1636", "ALAS2-2021-1685", "ALAS-2021-1503"]}, {"type": "ubuntu", "idList": ["USN-5001-1", "USN-5018-1", "USN-4997-1", "USN-4999-1", "USN-5000-2", "USN-4997-2", "USN-4982-1", "USN-5000-1", "USN-5046-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23", "CFOUNDRY:58E18367C5A247865E715DF802E7BD7E"]}, {"type": "slackware", "idList": ["SSA-2021-202-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9362", "ELSA-2021-9363"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29155", "UB:CVE-2021-29650", "UB:CVE-2021-28964", "UB:CVE-2021-28688", "UB:CVE-2021-31829", "UB:CVE-2021-23134", "UB:CVE-2021-31916", "UB:CVE-2021-29647", "UB:CVE-2021-28971", "UB:CVE-2021-29264"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29650", "RH:CVE-2021-28964", "RH:CVE-2021-29647", "RH:CVE-2021-29155", "RH:CVE-2021-31829", "RH:CVE-2021-23134", "RH:CVE-2021-29264", "RH:CVE-2021-28971", "RH:CVE-2021-23133", "RH:CVE-2021-31916"]}, {"type": "cve", "idList": ["CVE-2021-29650", "CVE-2021-29155", "CVE-2021-28971", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-23134", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-29647", "CVE-2021-29264"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0947-1", "OPENSUSE-SU-2021:0843-1"]}], "modified": "2021-08-28T11:39:07", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-28T11:39:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered th