search cancel

Difference in vulnerability reporting between Patch Management and Qualys for Red Hat Linux kernel.

book

Article ID: 172889

calendar_today

Updated On:

Products

Patch Management Solution for Linux

Issue/Introduction

Difference in vulnerability reporting between Patch Management and Qualys for Red Hat Linux kernel. Example Red Hat Update for kernel (RHSA-2018:2390).

The administrator may notice a difference in which updates are shown as applicable in Patch Management Solution and Qualys.

Resolution

After successful remediation and update installation on an endpoint, when endpoint is reported as no longer vulnerable by Patch Management, the older (non-active) kernel version is preserved by the operating system for fallback and recovery purposes.

Qualys may detect the old non-active kernel version and still report a potential vulnerability.
By default Red Hat Enterprise Linux keeps 5 latest installed kernel versions and provides tools to force the cleanup and/or change default value of kernels to keep.

Administrators should follow security policies and risk management (change control) procedures to determine how many or which kernel versions are kept.