Linux Sensors Show Vulnerabilities For Old Kernels
Article ID: 381823
Updated On:
Products
Carbon Black Cloud Endpoint Standard
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Linux sensor vulnerability management shows an older kernel version then the current kernel version
- Linux sensor may even show two different kernel versions for vulnerabilities
Environment
- Carbon Black Cloud Linux Sensor: All Supported Versions
Cause
- This happens because when upgrading a kernel version the previous version still exists on the machine
- OSQuery records both the current and the previous kernel version that is running on the endpoint
- The vulnerability scanner is aware of the previous and current kernel versions that are installed even if only the current kernel version is running
Resolution
- Dismiss the alert if the older kernel version is not running
- Uninstall the previous kernel version if no longer needed
Feedback
Yes
No
Powered by
