Linux Sensors Show Vulnerabilities For Old Kernels
search cancel

Linux Sensors Show Vulnerabilities For Old Kernels

book

Article ID: 381823

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Linux sensor vulnerability management shows an older kernel version then the current kernel version
  • Linux sensor may even show two different kernel versions for vulnerabilities

Environment

  • Carbon Black Cloud Linux Sensor: All Supported Versions

Cause

  • This happens because when upgrading a kernel version the previous version still exists on the machine
  • OSQuery records both the current and the previous kernel version that is running on the endpoint
  • The vulnerability scanner is aware of the previous and current kernel versions that are installed even if only the current kernel version is running

Resolution

  • Dismiss the alert if the older kernel version is not running
  • Uninstall the previous kernel version if no longer needed