Linux Sensors Show Vulnerabilities For Old Kernels
book
Article ID: 381823
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint StandardCarbon Black Cloud Enterprise EDR (formerly Cb Threathunter)Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Linux sensor vulnerability management shows an older kernel version then the current kernel version
Linux sensor may even show two different kernel versions for vulnerabilities
Environment
Carbon Black Cloud Linux Sensor: All Supported Versions
Cause
This happens because when upgrading a kernel version the previous version still exists on the machine
OSQuery records both the current and the previous kernel version that is running on the endpoint
The vulnerability scanner is aware of the previous and current kernel versions that are installed even if only the current kernel version is running