Hi I am newbie, I would like some advices about a issue.
I am use Greebone Community Version 22.7.1.
I did a SCAN to a internal server (CentOS Linux release 7.9.2009 (Core)), it have a kernel 3.10.0-1160.99.1.el7.x86_64, but when I scan it shows me a issue.
Vulnerable package: kernel
Installed version: kernel-3.10.0-1160.el7
Fixed version: kernel-3.10.0-1160.45.1.el7
I think it could be a false positive or some problem at identification.
What can we do to solve this?
and welcome to this community forum.
It seems the system in question is still having an outdated kernel (which is quite common on such operating systems like CentOS) in version
As such installed but inactive kernel versions are still posing a risk for the system (e.g. the system is rebooted and the inactive kernel is loaded) it is reported accordingly.
There are currently two possibilities:
- Uninstall of the inactive kernel
- Accepting the risk originating from an inactive kernel by creating an override for the result in question
Thanks a lot, it solve the issue.
I delete all old kernels.