The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4574 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4574-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Ben Hutchings     May 09, 2026                                  https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : linux-6.1     Version        : 6.1.170-3~deb11u1     CVE ID         : CVE-2026-43284 CVE-2026-43500     Debian Bug     : 1135514 1135599

    Two vulnerabilities have been discovered in the Linux kernel that may     lead to local privilege escalation.

    For Debian 11 bullseye, these problems have been fixed in version     6.1.170-3~deb11u1.  This version also fixes some regressions found in     the previous update.

    We recommend that you upgrade your linux-6.1 packages.

    For the detailed security status of linux-6.1 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/linux-6.1

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-4574 : linux-config-6.1 - security update

high Nessus Plugin ID 313616

Version 1.5

Version 1.3

Version 1.2

Version 1.1

Version 1.5 May 26, 2026, 12:31 PM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202605261231
Version 1.3 May 12, 2026, 8:32 AM CVSS metrics ("CVSSv2 score" set to 6.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C") CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2026-43284" to "CVE-2026-43500") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202605120832
Version 1.2 May 10, 2026, 2:27 AM Detection (updated detection logic) Plugin metadata Plugin Feed: 202605100227
Version 1.1 May 9, 2026, 8:13 PM New Plugin Feed: 202605092013