The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2643-1 advisory.
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-152735806 (CVE-2020-0429)
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after- free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. (CVE-2020-36385)
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of- bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space (CVE-2021-22555)
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
(CVE-2021-3609)
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. (CVE-2021-3659)
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:2643-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152481);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2020-0429",
"CVE-2020-36385",
"CVE-2020-36386",
"CVE-2021-3609",
"CVE-2021-3612",
"CVE-2021-3659",
"CVE-2021-22543",
"CVE-2021-22555",
"CVE-2021-33909",
"CVE-2021-37576"
);
script_xref(name:"IAVA", value:"2021-A-0350");
script_xref(name:"SuSE", value:"SUSE-SU-2021:2643-1");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2643-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2021:2643-1 advisory.
- In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a
use after free. This could lead to local escalation of privilege with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-152735806 (CVE-2020-0429)
- An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-
free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is
called, aka CID-f5449e74802c. (CVE-2020-36385)
- An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-
bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
- An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass
RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users
with the ability to start and control a VM to read/write random pages of memory and can result in local
privilege escalation. (CVE-2021-22543)
- A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name
space (CVE-2021-22555)
- fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer
allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an
unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)
- .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse
a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race
condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
(CVE-2021-3609)
- An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions
before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the
system or possibly escalate their privileges on the system. The highest threat from this vulnerability is
to confidentiality, integrity, as well as system availability. (CVE-2021-3612)
- A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking
subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the
system. The highest threat from this vulnerability is to system availability. (CVE-2021-3659)
- arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest
OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1085224");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1094840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1113295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1153720");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1170511");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176724");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176931");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179195");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181161");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184114");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184350");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185308");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185377");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185791");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186482");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186672");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187050");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187215");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187476");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187585");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187846");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188026");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188062");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188101");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188116");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188273");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188274");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188750");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188838");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188842");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188876");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188973");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-0429");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36385");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36386");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22543");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22555");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33909");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3609");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3612");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3659");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37576");
# https://lists.suse.com/pipermail/sle-security-updates/2021-August/009279.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb0d8c01");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37576");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt_debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'cluster-md-kmp-rt-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'dlm-kmp-rt-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'gfs2-kmp-rt-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-devel-rt-4.12.14-10.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-rt-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-rt-base-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-rt-devel-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-rt_debug-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-rt_debug-devel-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-source-rt-4.12.14-10.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'kernel-syms-rt-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]},
{'reference':'ocfs2-kmp-rt-4.12.14-10.54.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':[]}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37576
www.nessus.org/u?fb0d8c01
bugzilla.suse.com/1065729
bugzilla.suse.com/1085224
bugzilla.suse.com/1094840
bugzilla.suse.com/1113295
bugzilla.suse.com/1153720
bugzilla.suse.com/1170511
bugzilla.suse.com/1176724
bugzilla.suse.com/1176931
bugzilla.suse.com/1176940
bugzilla.suse.com/1179195
bugzilla.suse.com/1181161
bugzilla.suse.com/1183871
bugzilla.suse.com/1184114
bugzilla.suse.com/1184350
bugzilla.suse.com/1184804
bugzilla.suse.com/1185032
bugzilla.suse.com/1185308
bugzilla.suse.com/1185377
bugzilla.suse.com/1185791
bugzilla.suse.com/1185995
bugzilla.suse.com/1186206
bugzilla.suse.com/1186482
bugzilla.suse.com/1186672
bugzilla.suse.com/1187038
bugzilla.suse.com/1187050
bugzilla.suse.com/1187215
bugzilla.suse.com/1187476
bugzilla.suse.com/1187585
bugzilla.suse.com/1187846
bugzilla.suse.com/1188026
bugzilla.suse.com/1188062
bugzilla.suse.com/1188101
bugzilla.suse.com/1188116
bugzilla.suse.com/1188273
bugzilla.suse.com/1188274
bugzilla.suse.com/1188405
bugzilla.suse.com/1188620
bugzilla.suse.com/1188750
bugzilla.suse.com/1188838
bugzilla.suse.com/1188842
bugzilla.suse.com/1188876
bugzilla.suse.com/1188885
bugzilla.suse.com/1188973
www.suse.com/security/cve/CVE-2020-0429
www.suse.com/security/cve/CVE-2020-36385
www.suse.com/security/cve/CVE-2020-36386
www.suse.com/security/cve/CVE-2021-22543
www.suse.com/security/cve/CVE-2021-22555
www.suse.com/security/cve/CVE-2021-33909
www.suse.com/security/cve/CVE-2021-3609
www.suse.com/security/cve/CVE-2021-3612
www.suse.com/security/cve/CVE-2021-3659
www.suse.com/security/cve/CVE-2021-37576