The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3675-1 advisory.
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)
kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:3675-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155383);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/23");
script_cve_id(
"CVE-2021-3542",
"CVE-2021-3655",
"CVE-2021-3715",
"CVE-2021-3760",
"CVE-2021-3772",
"CVE-2021-3896",
"CVE-2021-33033",
"CVE-2021-34866",
"CVE-2021-37159",
"CVE-2021-41864",
"CVE-2021-42008",
"CVE-2021-42252",
"CVE-2021-42739",
"CVE-2021-43056",
"CVE-2021-43389"
);
script_name(english:"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3675-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:3675-1 advisory.
- The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because
the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads
to writing an arbitrary value. (CVE-2021-33033)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a
reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of
this candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2021-3542)
- A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on
inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)
- kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
- hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev
without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a
reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of
this candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2021-3896)
- prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows
unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds
write. (CVE-2021-41864)
- The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab
out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)
- An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux
kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite
memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a
certain comparison uses values that are not memory sizes. (CVE-2021-42252)
- The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt
mishandles bounds checking. (CVE-2021-42739)
- An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to
crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S
implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)
- An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in
the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1085030");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1089118");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1094840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1133021");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1152472");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1152489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1154353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1157177");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1167773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173604");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176447");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176914");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178134");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180100");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180749");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181147");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184673");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186063");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186109");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187167");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188563");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189841");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190006");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190349");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190479");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190795");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190801");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190941");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191229");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191240");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191241");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191315");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191317");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191349");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191384");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191449");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191450");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191451");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191452");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191456");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191628");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191663");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191731");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191800");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191851");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191867");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191934");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191958");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191980");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192040");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192041");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192145");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192229");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192267");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192288");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192549");
# https://lists.opensuse.org/archives/list/[email protected]/thread/YKWZ52CYLL6JHU7XBR4T2MCMZQTD4U57/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?48131813");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33033");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-34866");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3542");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3655");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3715");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37159");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3760");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3772");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3896");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-41864");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42008");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42252");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42739");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-43056");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-43389");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3760");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-42252");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/14");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dlm-kmp-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dlm-kmp-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-al");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-allwinner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-altera");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-amd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-amlogic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-apm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-broadcom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-cavium");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-exynos");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-freescale");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-hisilicon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-lg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-mediatek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-nvidia");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-qcom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-renesas");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-rockchip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-socionext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-sprd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-xilinx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dtb-zte");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gfs2-kmp-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gfs2-kmp-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-64kb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-64kb-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-64kb-optional");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-livepatch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-optional");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt-optional");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:reiserfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'cluster-md-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cluster-md-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cluster-md-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cluster-md-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dlm-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dlm-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dlm-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dlm-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-al-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-allwinner-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-altera-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-amd-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-amlogic-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-apm-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-arm-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-broadcom-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-cavium-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-exynos-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-freescale-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-hisilicon-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-lg-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-marvell-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-mediatek-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-nvidia-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-qcom-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-renesas-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-rockchip-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-socionext-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-sprd-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-xilinx-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dtb-zte-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gfs2-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gfs2-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64kb-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64kb-extra-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64kb-livepatch-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64kb-optional-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-livepatch-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-base-5.3.18-59.34.1.18.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-base-rebuild-5.3.18-59.34.1.18.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-devel-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-extra-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-livepatch-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-livepatch-devel-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-optional-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-macros-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-obs-build-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-obs-qa-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-extra-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-extra-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-livepatch-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-livepatch-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-optional-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-optional-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-vanilla-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-syms-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-5.3.18-59.34.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kselftests-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kselftests-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kselftests-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kselftests-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocfs2-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocfs2-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'reiserfs-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'reiserfs-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'reiserfs-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'reiserfs-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | dtb-amd | p-cpe:/a:novell:opensuse:dtb-amd |
novell | opensuse | kernel-default-base-rebuild | p-cpe:/a:novell:opensuse:kernel-default-base-rebuild |
novell | opensuse | kernel-obs-qa | p-cpe:/a:novell:opensuse:kernel-obs-qa |
novell | opensuse | kernel-preempt | p-cpe:/a:novell:opensuse:kernel-preempt |
novell | opensuse | kernel-source | p-cpe:/a:novell:opensuse:kernel-source |
novell | opensuse | dtb-al | p-cpe:/a:novell:opensuse:dtb-al |
novell | opensuse | dtb-exynos | p-cpe:/a:novell:opensuse:dtb-exynos |
novell | opensuse | gfs2-kmp-preempt | p-cpe:/a:novell:opensuse:gfs2-kmp-preempt |
novell | opensuse | kernel-64kb-extra | p-cpe:/a:novell:opensuse:kernel-64kb-extra |
novell | opensuse | kernel-debug-livepatch-devel | p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3715
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42739
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389
www.nessus.org/u?48131813
bugzilla.suse.com/1065729
bugzilla.suse.com/1085030
bugzilla.suse.com/1089118
bugzilla.suse.com/1094840
bugzilla.suse.com/1133021
bugzilla.suse.com/1152472
bugzilla.suse.com/1152489
bugzilla.suse.com/1154353
bugzilla.suse.com/1156395
bugzilla.suse.com/1157177
bugzilla.suse.com/1167773
bugzilla.suse.com/1172073
bugzilla.suse.com/1173604
bugzilla.suse.com/1176447
bugzilla.suse.com/1176774
bugzilla.suse.com/1176914
bugzilla.suse.com/1176940
bugzilla.suse.com/1178134
bugzilla.suse.com/1180100
bugzilla.suse.com/1180749
bugzilla.suse.com/1181147
bugzilla.suse.com/1184673
bugzilla.suse.com/1185762
bugzilla.suse.com/1186063
bugzilla.suse.com/1186109
bugzilla.suse.com/1187167
bugzilla.suse.com/1188563
bugzilla.suse.com/1188601
bugzilla.suse.com/1189841
bugzilla.suse.com/1190006
bugzilla.suse.com/1190067
bugzilla.suse.com/1190349
bugzilla.suse.com/1190351
bugzilla.suse.com/1190479
bugzilla.suse.com/1190620
bugzilla.suse.com/1190642
bugzilla.suse.com/1190795
bugzilla.suse.com/1190801
bugzilla.suse.com/1190941
bugzilla.suse.com/1191229
bugzilla.suse.com/1191240
bugzilla.suse.com/1191241
bugzilla.suse.com/1191315
bugzilla.suse.com/1191317
bugzilla.suse.com/1191349
bugzilla.suse.com/1191384
bugzilla.suse.com/1191449
bugzilla.suse.com/1191450
bugzilla.suse.com/1191451
bugzilla.suse.com/1191452
bugzilla.suse.com/1191455
bugzilla.suse.com/1191456
bugzilla.suse.com/1191628
bugzilla.suse.com/1191645
bugzilla.suse.com/1191663
bugzilla.suse.com/1191731
bugzilla.suse.com/1191800
bugzilla.suse.com/1191851
bugzilla.suse.com/1191867
bugzilla.suse.com/1191934
bugzilla.suse.com/1191958
bugzilla.suse.com/1191980
bugzilla.suse.com/1192040
bugzilla.suse.com/1192041
bugzilla.suse.com/1192074
bugzilla.suse.com/1192107
bugzilla.suse.com/1192145
bugzilla.suse.com/1192229
bugzilla.suse.com/1192267
bugzilla.suse.com/1192288
bugzilla.suse.com/1192549
www.suse.com/security/cve/CVE-2021-33033
www.suse.com/security/cve/CVE-2021-34866
www.suse.com/security/cve/CVE-2021-3542
www.suse.com/security/cve/CVE-2021-3655
www.suse.com/security/cve/CVE-2021-3715
www.suse.com/security/cve/CVE-2021-37159
www.suse.com/security/cve/CVE-2021-3760
www.suse.com/security/cve/CVE-2021-3772
www.suse.com/security/cve/CVE-2021-3896
www.suse.com/security/cve/CVE-2021-41864
www.suse.com/security/cve/CVE-2021-42008
www.suse.com/security/cve/CVE-2021-42252
www.suse.com/security/cve/CVE-2021-42739
www.suse.com/security/cve/CVE-2021-43056
www.suse.com/security/cve/CVE-2021-43389