openSUSE Security Update : the Linux Kernel (openSUSE-2017-287)

critical Nessus Plugin ID 97367
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote openSUSE host is missing a security update.


The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).

- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).

- CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762)

The following non-security bugs were fixed :

- btrfs: support NFSv2 export (bnc#929871).

- btrfs: Direct I/O: Fix space accounting (bsc#1025058).

- btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069).

- btrfs: bail out if block group has different mixed flag (bsc#1025072).

- btrfs: be more precise on errors when getting an inode from disk (bsc#981038).

- btrfs: check pending chunks when shrinking fs to avoid corruption (bnc#936445).

- btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).

- btrfs: do not BUG() during drop snapshot (bsc#1025076).

- btrfs: do not collect ordered extents when logging that inode exists (bsc#977685).

- btrfs: do not initialize a space info as full to prevent ENOSPC (bnc#944001).

- btrfs: do not leak reloc root nodes on error (bsc#1025074).

- btrfs: fix block group ->space_info NULL pointer dereference (bnc#935088).

- btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550).

- btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891).

- btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855).

- btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344).

- btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057).

- btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685).

- btrfs: fix extent accounting for partial direct IO writes (bsc#1025062).

- btrfs: fix file corruption after cloning inline extents (bnc#942512).

- btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685).

- btrfs: fix file read corruption after extent cloning and fsync (bnc#946902).

- btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489).

- btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685).

- btrfs: fix hang when failing to submit bio of directIO (bnc#942685).

- btrfs: fix incremental send failure caused by balance (bsc#985850).

- btrfs: fix invalid page accesses in extent_same (dedup) ioctl (bnc#968230).

- btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1025063).

- btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).

- btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942685).

- btrfs: fix memory leak in do_walk_down (bsc#1025075).

- btrfs: fix memory leak in reading btree blocks (bsc#1025071).

- btrfs: fix order by which delayed references are run (bnc#949440).

- btrfs: fix page reading in extent_same ioctl leading to csum errors (bnc#968230).

- btrfs: fix qgroup rescan worker initialization (bsc#1025077).

- btrfs: fix qgroup sanity tests (bnc#951615).

- btrfs: fix race between balance and unused block group deletion (bnc#938892).

- btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).

- btrfs: fix race waiting for qgroup rescan worker (bnc#960300).

- btrfs: fix regression running delayed references when using qgroups (bnc#951615).

- btrfs: fix regression when running delayed references (bnc#951615).

- btrfs: fix relocation incorrectly dropping data references (bsc#990384).

- btrfs: fix shrinking truncate when the no_holes feature is enabled (bsc#1025053).

- btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300).

- btrfs: fix stale dir entries after removing a link and fsync (bnc#942925).

- btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685).

- btrfs: fix warning in backref walking (bnc#966278).

- btrfs: fix warning of bytes_may_use (bsc#1025065).

- btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550).

- btrfs: handle quota reserve failure properly (bsc#1005666).

- btrfs: incremental send, check if orphanized dir inode needs delayed rename (bsc#1025049).

- btrfs: incremental send, do not delay directory renames unnecessarily (bsc#1025048).

- btrfs: incremental send, fix clone operations for compressed extents (fate#316463).

- btrfs: incremental send, fix premature rmdir operations (bsc#1025064).

- btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649, bnc#951615).

- btrfs: remove misleading handling of missing device scrub (bsc#1025055).

- btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489).

- btrfs: return gracefully from balance if fs tree is corrupted (bsc#1025073).

- btrfs: send, do not bug on inconsistent snapshots (bsc#985850).

- btrfs: send, fix corner case for reference overwrite detection (bsc#1025080).

- btrfs: send, fix file corruption due to incorrect cloning operations (bsc#1025060).

- btrfs: set UNWRITTEN for prealloc'ed extents in fiemap (bsc#1025047).

- btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).

- btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649).

- btrfs: use received_uuid of parent during send (bsc#1025051).

- btrfs: wake up extent state waiters on unlock through clear_extent_bits (bsc#1025050).

- btrfs: Add handler for invalidate page (bsc#963193).

- btrfs: Add qgroup tracing (bnc#935087, bnc#945649).

- btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1025059).

- btrfs: Continue write in case of can_not_nocow (bsc#1025070).

- btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).

- btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).

- btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779).

- btrfs: Handle unaligned length in extent_same (bsc#937609).

- btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081).

- btrfs: add missing discards when unpinning extents with
-o discard (bsc#904489).

- btrfs: advertise which crc32c implementation is being used on mount (bsc#946057).

- btrfs: allow dedupe of same inode (bsc#1025067).

- btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649).

- btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649).

- btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489).

- btrfs: change max_inline default to 2048 (bsc#949472).

- btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649).

- btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649).

- btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref() (bsc#1025079).

- btrfs: delayed_ref: Add new function to record reserved space into delayed ref (bsc#963193).

- btrfs: delayed_ref: release and free qgroup reserved at proper timing (bsc#963193).

- btrfs: disable defrag of tree roots.

- btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881).

- btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).

- btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489).

- btrfs: extent-tree: Add new version of btrfs_check_data_free_space and btrfs_free_reserved_data_space (bsc#963193).

- btrfs: extent-tree: Add new version of btrfs_delalloc_reserve/release_space (bsc#963193).

- btrfs: extent-tree: Switch to new check_data_free_space and free_reserved_data_space (bsc#963193).

- btrfs: extent-tree: Switch to new delalloc space reserve and release (bsc#963193).

- btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).

- btrfs: extent_io: Introduce needed structure for recoding set/clear bits (bsc#963193).

- btrfs: extent_io: Introduce new function clear_record_extent_bits() (bsc#963193).

- btrfs: extent_io: Introduce new function set_record_extent_bits (bsc#963193).

- btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).

- btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100).

- btrfs: fix clone / extent-same deadlocks (bsc#937612).

- btrfs: fix deadlock with extent-same and readpage (bsc#937612).

- btrfs: fix resending received snapshot with parent (bsc#1025061).

- btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).

- btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).

- btrfs: iterate over unused chunk space in FITRIM (bsc#904489).

- btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).

- btrfs: make file clone aware of fatal signals (bsc#1015787).

- btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).

- btrfs: properly track when rescan worker is running (bsc#989953).

- btrfs: provide super_operations->inode_get_dev (bsc#927455).

- btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649).

- btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649).

- btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).

- btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649).

- btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).

- btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).

- btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649).

- btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in clear_bit_hook (bsc#963193).

- btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).

- btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).

- btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649).

- btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300).

- btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans (bsc#963193).

- btrfs: qgroup: Fix a rebase bug which will cause qgroup double free (bsc#963193).

- btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649).

- btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993).

- btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).

- btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).

- btrfs: qgroup: Introduce functions to release/free qgroup reserve data space (bsc#963193).

- btrfs: qgroup: Introduce new functions to reserve/free metadata (bsc#963193).

- btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649).

- btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649).

- btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Use new metadata reservation (bsc#963193).

- btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649).

- btrfs: qgroup: exit the rescan worker during umount (bnc#960300).

- btrfs: qgroup: fix quota disable during rescan (bnc#960300).

- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).

- btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844).

- btrfs: skip superblocks during discard (bsc#904489).

- btrfs: syslog when quota is disabled.

- btrfs: syslog when quota is enabled

- btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).

- btrfs: use the new VFS super_block_dev (bnc#865869).

- btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712).

- fs/super.c: add new super block sub devices super_block_dev (bnc#865869).

- fs/super.c: fix race between freeze_super() and thaw_super() (bsc#1025066).

- kabi: only use sops->get_inode_dev with proper fsflag (bsc#927455).

- qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).

- vfs: add super_operations->get_inode_dev (bsc#927455).

- xfs: do not allow di_size with high bit set (bsc#1024234).

- xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508).

- xfs: fix broken multi-fsb buffer logging (bsc#1024081).

- xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).

- xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508).

- xfs: track and serialize in-flight async buffers against unmount (bsc#1024508).


Update the affected the Linux Kernel packages.

See Also

Plugin Details

Severity: Critical

ID: 97367

File Name: openSUSE-2017-287.nasl

Version: 3.9

Type: local

Agent: unix

Published: 2/24/2017

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Critical

Score: 9.4


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pv, p-cpe:/a:novell:opensuse:kernel-pv-base, p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/22/2017

Exploitable With

Core Impact

Reference Information

CVE: CVE-2017-5897, CVE-2017-5970, CVE-2017-5986, CVE-2017-6074