Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3711.NASLHistoryJan 16, 2024 - 12:00 a.m.
Debian dla-3711 : linux-config-5.10 - security update
2024-01-1600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
debian 10
linux-config-5.10
security
update
vulnerabilities
advisory
cve-2021-44879
intel(r) ethernet controller
privilege escalation
deadlock
use-after-free
root access
race condition
mmio
io_uring
tcp subsystem
remote code execution
nf_tables
perf component
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.024
Percentile
90.2%
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3711 advisory.
-
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)
-
Improper access control in the Intel® Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
(CVE-2023-25775) -
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn’t use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn’t block further readers to get the lock). (CVE-2023-34324)
-
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. (CVE-2023-35827)
-
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)
-
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. (CVE-2023-46813)
-
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)
-
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c
innvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem. (CVE-2023-5178) -
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after- free because of a vcc_recvmsg race condition. (CVE-2023-51780)
-
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use- after-free because of an atalk_recvmsg race condition. (CVE-2023-51781)
-
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use- after-free because of a rose_accept race condition. (CVE-2023-51782)
-
A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)
-
A heap out-of-bounds write vulnerability in the Linux kernel’s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event’s sibling_list is smaller than its child’s sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)
-
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
(CVE-2023-6121) -
A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use- after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. (CVE-2023-6817)
-
A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. A perf_event’s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)
-
A use-after-free vulnerability in the Linux kernel’s ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3711. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(189090);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/19");
script_cve_id(
"CVE-2021-44879",
"CVE-2023-5178",
"CVE-2023-5197",
"CVE-2023-5717",
"CVE-2023-6121",
"CVE-2023-6531",
"CVE-2023-6817",
"CVE-2023-6931",
"CVE-2023-6932",
"CVE-2023-25775",
"CVE-2023-34324",
"CVE-2023-35827",
"CVE-2023-45863",
"CVE-2023-46813",
"CVE-2023-46862",
"CVE-2023-51780",
"CVE-2023-51781",
"CVE-2023-51782"
);
script_name(english:"Debian dla-3711 : linux-config-5.10 - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3711 advisory.
- In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,
leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)
- Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30
may allow an unauthenticated user to potentially enable escalation of privilege via network access.
(CVE-2023-25775)
- Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is
being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt
in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual
device on the other side. As this action will cause console messages to be issued on the other side quite
often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not
affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the
issue (on Arm32 a waiting writer doesn't block further readers to get the lock). (CVE-2023-34324)
- An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in
drivers/net/ethernet/renesas/ravb_main.c. (CVE-2023-35827)
- An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker
can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)
- An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access
to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES
emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege
escalation). This depends on a race condition through which userspace can replace an instruction before
the #VC handler reads it. (CVE-2023-46813)
- An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an
io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)
- A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a
logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to
cause a use-after-free and double-free problem, which may permit remote code execution or lead to local
privilege escalation problem. (CVE-2023-5178)
- An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-
free because of a vcc_recvmsg race condition. (CVE-2023-51780)
- An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-
after-free because of an atalk_recvmsg race condition. (CVE-2023-51781)
- An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-
after-free because of a rose_accept race condition. (CVE-2023-51782)
- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to
achieve local privilege escalation. Addition and removal of rules from chain bindings within the same
transaction causes leads to use-after-free. We recommend upgrading past commit
f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)
- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf)
component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an
event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory
locations outside of the allocated buffer. We recommend upgrading past commit
32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)
- An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue
may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that
results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
(CVE-2023-6121)
- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to
achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set
walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-
after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. (CVE-2023-6817)
- A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be
exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap
out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit
382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)
- A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve
local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on
a RCU read locked object which is freed by another thread. We recommend upgrading past commit
e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/linux-5.10");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-44879");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-25775");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-34324");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35827");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-45863");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-46813");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-46862");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5178");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51780");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51781");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51782");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5197");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5717");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-6121");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-6531");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-6817");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-6931");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-6932");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/linux-5.10");
script_set_attribute(attribute:"solution", value:
"Upgrade the linux-config-5.10 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-44879");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-25775");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/14");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-config-5.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-5.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-common-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.24-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-common-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.26-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-common-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.27-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-signed-template");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-signed-template");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-i386-signed-template");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.24-rt-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.26-rt-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.27-rt-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-5.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-5.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-5.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.24");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.26");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.27");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '10.0', 'prefix': 'linux-config-5.10', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-doc-5.10', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-686', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-cloud-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-cloud-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-common', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-common-rt', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-rt-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-rt-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-rt-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.24-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-686', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-cloud-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-cloud-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-common', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-common-rt', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-rt-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-rt-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-rt-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.26-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-686', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-cloud-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-cloud-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-common', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-common-rt', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-rt-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-rt-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-rt-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.27-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-686-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-amd64-signed-template', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-arm64-signed-template', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-armmp-lpae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-cloud-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-cloud-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-i386-signed-template', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-rt-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-rt-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-rt-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10-rt-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-686-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-686', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-armmp-lpae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-cloud-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-cloud-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-cloud-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-cloud-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.24-rt-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-686-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-686', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-armmp-lpae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-cloud-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-cloud-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-cloud-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-cloud-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.26-rt-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-686-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-686', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-armmp-lpae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-armmp-lpae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-cloud-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-cloud-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-cloud-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-cloud-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-686-pae-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-686-pae', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-amd64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-amd64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-arm64-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-arm64', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-armmp', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.27-rt-armmp-dbg', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-kbuild-5.10', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-perf-5.10', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-source-5.10', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-support-5.10.0-0.deb10.24', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-support-5.10.0-0.deb10.26', 'reference': '5.10.205-2~deb10u1'},
{'release': '10.0', 'prefix': 'linux-support-5.10.0-0.deb10.27', 'reference': '5.10.205-2~deb10u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-config-5.10 / linux-doc-5.10 / linux-headers-5.10-armmp / etc');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34324
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45863
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51780
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51782
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932
packages.debian.org/source/buster/linux-5.10
security-tracker.debian.org/tracker/CVE-2021-44879
security-tracker.debian.org/tracker/CVE-2023-25775
security-tracker.debian.org/tracker/CVE-2023-34324
security-tracker.debian.org/tracker/CVE-2023-35827
security-tracker.debian.org/tracker/CVE-2023-45863
security-tracker.debian.org/tracker/CVE-2023-46813
security-tracker.debian.org/tracker/CVE-2023-46862
security-tracker.debian.org/tracker/CVE-2023-5178
security-tracker.debian.org/tracker/CVE-2023-51780
security-tracker.debian.org/tracker/CVE-2023-51781
security-tracker.debian.org/tracker/CVE-2023-51782
security-tracker.debian.org/tracker/CVE-2023-5197
security-tracker.debian.org/tracker/CVE-2023-5717
security-tracker.debian.org/tracker/CVE-2023-6121
security-tracker.debian.org/tracker/CVE-2023-6531
security-tracker.debian.org/tracker/CVE-2023-6817
security-tracker.debian.org/tracker/CVE-2023-6931
security-tracker.debian.org/tracker/CVE-2023-6932
security-tracker.debian.org/tracker/source-package/linux-5.10
Related
osv
osv
linux-5.10 - security update
2024-01-10 00:00:00
linux - security update
2024-01-02 00:00:00
linux - security update
2024-01-01 00:00:00
debian
debian
[SECURITY] [DSA 5594-1] linux security update
2024-01-02 21:05:08
[SECURITY] [DLA 3711-1] linux-5.10 security update
2024-01-11 17:58:27
[SECURITY] [DSA 5593-1] linux security update
2024-01-01 13:25:21
openvas
openvas
Debian: Security Advisory (DLA-3711-1)
2024-01-12 00:00:00
Debian: Security Advisory (DSA-5594-1)
2024-01-12 00:00:00
Debian: Security Advisory (DSA-5593-1)
2024-01-12 00:00:00
nessus
nessus
Photon OS 3.0: Linux PHSA-2024-3.0-0713
2024-07-24 00:00:00
Photon OS 4.0: Linux PHSA-2023-4.0-0510
2024-07-24 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-035)
2024-01-24 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0713
2024-01-16 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0548
2024-01-13 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0510
2023-11-12 00:00:00
ubuntu
ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
2024-02-20 00:00:00
Linux kernel (GCP) vulnerabilities
2024-02-08 00:00:00
Linux kernel vulnerabilities
2024-02-07 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-12-26 00:24:31
ics
ics
Siemens SIMATIC S7-1500
2024-04-11 12:00:00
redos
redos
ROS-20240812-16
2024-08-12 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-02-13 00:00:00
amazon
amazon
Important: kernel
2023-11-10 17:32:00
redhatcve
redhatcve
CVE-2021-44879
2022-02-14 09:55:02
CVE-2023-46862
2023-10-30 13:43:22
cbl_mariner
cbl_mariner
CVE-2021-44879 affecting package kernel 5.10.109.1-2
2022-05-12 02:17:02
CVE-2021-44879 affecting package kernel for versions less than 5.15.26.1-1
2022-04-09 06:52:47
cvelist
cvelist
CVE-2021-44879
2022-02-13 00:00:00
nvd
nvd
CVE-2021-44879
2022-02-14 12:15:15
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.024
Percentile
90.2%
Related for DEBIAN_DLA-3711.NASL