Debian DSA-5173-1:linux - 安全更新
high Nessus 插件 ID 162703
语言:
简介
远程 Debian 主机上缺少一个或多个与安全性相关的更新。描述
远程 Debian 10 主机上安装的多个程序包受到 dsa-5173 公告中提及的多个漏洞影响。- 在 Linux 内核 5.18.1 及之前版本中,net/netfilter/nf_tables_api.c 允许本地用户(能够创建 user/net 命名空间)将特权提升至 root,因为不正确的 NFT_STATEFUL_EXPR 检查会导致释放后使用。 (CVE-2022-32250)
- 在 Linux 内核的控制组和命名空间子系统中发现存在无权限的文件处理程序写入缺陷,导致用户可以访问一些由 cgroups 控制并具有较高权限父进程的低权限进程。此缺陷实际会影响 cgroup2 和 cgroup1 版本的控制组。本地用户可利用此缺陷造成系统崩溃,或提升其在系统中的权限。(CVE-2021-4197)
- 在 Linux 内核的 drivers/scsi/scsi_ioctl.c 的 scsi_ioctl 函数中发现了内核信息泄漏缺陷。该缺陷允许具有特殊用户特权(CAP_SYS_ADMIN 或 CAP_SYS_RAWIO)的本地攻击者造成机密性问题。(CVE-2022-0494)
- 在 Linux 内核中 net/sunrpc/xprtrdma/rpc_rdma.c 的 NFS over RDMA 中发现信息泄漏缺陷。此缺陷允许具有正常用户特权的攻击者泄漏内核信息。
(CVE-2022-0812)
- 在 Linux 内核的 DMA 子系统中发现了与用户调用 DMA_FROM_DEVICE 的方式相关的内存泄漏缺陷。
该缺陷允许本地用户读取内核空间中的随机内存。(CVE-2022-0854)
请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
升级 linux 程序包。另见
https://security-tracker.debian.org/tracker/CVE-2022-1734
https://security-tracker.debian.org/tracker/CVE-2022-1974
https://security-tracker.debian.org/tracker/CVE-2022-1975
https://security-tracker.debian.org/tracker/CVE-2022-21123
https://security-tracker.debian.org/tracker/CVE-2022-21125
https://security-tracker.debian.org/tracker/CVE-2022-21166
https://security-tracker.debian.org/tracker/CVE-2022-2153
https://security-tracker.debian.org/tracker/CVE-2022-23960
https://security-tracker.debian.org/tracker/CVE-2022-26490
https://security-tracker.debian.org/tracker/CVE-2022-27666
https://security-tracker.debian.org/tracker/CVE-2022-28356
https://security-tracker.debian.org/tracker/CVE-2022-28388
https://security-tracker.debian.org/tracker/CVE-2022-28389
https://security-tracker.debian.org/tracker/CVE-2022-28390
https://security-tracker.debian.org/tracker/CVE-2022-29581
https://security-tracker.debian.org/tracker/CVE-2022-30594
https://security-tracker.debian.org/tracker/CVE-2022-32250
https://security-tracker.debian.org/tracker/CVE-2022-32296
https://security-tracker.debian.org/tracker/CVE-2022-33981
https://packages.debian.org/source/buster/linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922204
https://security-tracker.debian.org/tracker/source-package/linux
https://www.debian.org/security/2022/dsa-5173
https://security-tracker.debian.org/tracker/CVE-2021-4197
https://security-tracker.debian.org/tracker/CVE-2022-0494
https://security-tracker.debian.org/tracker/CVE-2022-0812
https://security-tracker.debian.org/tracker/CVE-2022-0854
https://security-tracker.debian.org/tracker/CVE-2022-1011
https://security-tracker.debian.org/tracker/CVE-2022-1012
https://security-tracker.debian.org/tracker/CVE-2022-1016
https://security-tracker.debian.org/tracker/CVE-2022-1048
https://security-tracker.debian.org/tracker/CVE-2022-1184
https://security-tracker.debian.org/tracker/CVE-2022-1195
https://security-tracker.debian.org/tracker/CVE-2022-1198
https://security-tracker.debian.org/tracker/CVE-2022-1199
https://security-tracker.debian.org/tracker/CVE-2022-1204
https://security-tracker.debian.org/tracker/CVE-2022-1205
https://security-tracker.debian.org/tracker/CVE-2022-1353
https://security-tracker.debian.org/tracker/CVE-2022-1419
https://security-tracker.debian.org/tracker/CVE-2022-1516
插件详情
严重性: High
ID: 162703
文件名: debian_DSA-5173.nasl
版本: 1.11
类型: local
代理: unix
发布时间: 2022/7/4
最近更新时间: 2025/1/24
支持的传感器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
风险信息
VPR
风险因素: Critical
分数: 9.4
CVSS v2
风险因素: High
基本分数: 7.2
时间分数: 6.3
矢量: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 分数来源: CVE-2022-32250
CVSS v3
风险因素: High
基本分数: 8.2
时间分数: 7.8
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
时间矢量: CVSS:3.0/E:H/RL:O/RC:C
CVSS 分数来源: CVE-2022-1012
漏洞信息
CPE: p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp, p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template, p-cpe:/a:debian:debian_linux:usbip, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common, p-cpe:/a:debian:debian_linux:libbpf4.19, p-cpe:/a:debian:debian_linux:libcpupower1, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned, p-cpe:/a:debian:debian_linux:libcpupower-dev, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned, p-cpe:/a:debian:debian_linux:hyperv-daemons, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg, p-cpe:/a:debian:debian_linux:linux-doc-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390, p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt, p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned, p-cpe:/a:debian:debian_linux:linux-config-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-kbuild-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi, p-cpe:/a:debian:debian_linux:libbpf-dev, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg, p-cpe:/a:debian:debian_linux:linux-cpupower, p-cpe:/a:debian:debian_linux:linux-perf-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips, p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x, p-cpe:/a:debian:debian_linux:linux-source-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta
必需的 KB 项: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
可利用: true
易利用性: Exploits are available
补丁发布日期: 2022/7/3
漏洞发布日期: 2022/7/3
可利用的方式
CANVAS (CANVAS)
参考资料信息
CVE: CVE-2021-4197, CVE-2022-0494, CVE-2022-0812, CVE-2022-0854, CVE-2022-1011, CVE-2022-1012, CVE-2022-1016, CVE-2022-1048, CVE-2022-1184, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-1652, CVE-2022-1729, CVE-2022-1734, CVE-2022-1974, CVE-2022-1975, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-2153, CVE-2022-23960, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390, CVE-2022-29581, CVE-2022-30594, CVE-2022-32250, CVE-2022-32296, CVE-2022-33981