The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5184 advisory.

  - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated     user to potentially enable information disclosure via local access. (CVE-2022-21123)

  - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

  - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

  - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially     leading to information disclosure. (CVE-2022-23825)

  - x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition     to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g.
    PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately,     the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too     early and creates a window where the guest can re-establish the read/write mapping before writeability is     prohibited. (CVE-2022-26362)

  - x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple     CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type     reference count for pages, in addition to a regular reference count. This scheme is used to maintain     invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables;
    updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-     coherency; cases where the CPU can cause the content of the cache to be different to the content in main     memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
    (CVE-2022-26363, CVE-2022-26364)

  - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their     retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can     hijack return instructions to achieve arbitrary speculative code execution under certain     microarchitecture-dependent conditions. (CVE-2022-29900)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5184-1 : xen - security update

medium Nessus Plugin ID 163265

Version 1.6

Version 1.5

Version 1.5

Version 1.4

Version 1.4

Version 1.6 Jan 16, 2024, 5:39 PM CVE (Removed rejected CVE) Plugin Feed: 202401161739
Version 1.5 Jan 16, 2024, 3:43 PM CVE (Removed rejected CVE) Plugin Feed: 202401161543
Version 1.5 Oct 17, 2023, 5:21 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2022-26364") Plugin Feed: 202310171721
Version 1.4 Oct 17, 2023, 3:14 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2022-26364") Plugin Feed: 202310171514
Version 1.4 Dec 6, 2022, 4:40 AM Reference Plugin Feed: 202212060440