November 26, 2018, 10:10am
I am using Greenbone Security Assistant in a Docker container.
My problem is that when I look through the vulnerability reports, a lot of them relate to Linux kernels that are not running. We run a lot of Debian machines and have never cleaned up the old kernels (they are not running anyway).
Is there a possibility to exclude kernels that are not running?
November 26, 2018, 4:31pm
If you want to accept the risk of having vulnerable but not running kernel versions installed, you can work with Overrides and False Positives.
December 29, 2018, 4:38pm
In many cases an old kernel can be loaded within a fail-over scenario or downgrade; you should remove the vulnerable kernel from the systems anyway.
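Added example, not part of the thread and not Greenbone code: a shell sketch for finding the removal candidates on a Debian host by comparing installed `linux-image-*` packages with the running kernel. The function names, the `--live` switch and the sample package list are assumptions made for illustration; the sample data is constructed.

```shell
#!/bin/sh
# Report installed Debian kernel image packages that do not belong to the
# running kernel, i.e. the packages a scanner would still see on disk.

# stale_kernels RELEASE
# Reads "status package" lines on stdin and prints stale kernel packages.
# RELEASE is the running kernel release as printed by `uname -r`.
stale_kernels() {
    awk -v running="linux-image-$1" '
        $1 != "ii"                  { next }  # removed (rc) or half-installed
        $2 !~ /^linux-image-[0-9]/  { next }  # metapackage, e.g. linux-image-amd64
        $2 == running               { next }  # the running kernel itself
        index($2, running "-") == 1 { next }  # its variants (-dbg, -unsigned)
        { print $2 }
    '
}

# Constructed sample in the format produced by the dpkg-query call below.
sample_dpkg_output() {
    cat <<'EOF'
ii  linux-image-4.9.0-6-amd64
ii  linux-image-4.9.0-7-amd64
ii  linux-image-4.9.0-8-amd64
ii  linux-image-4.9.0-8-amd64-dbg
rc  linux-image-4.9.0-4-amd64
ii  linux-image-amd64
ii  linux-image-4.9.0-80-amd64
EOF
}

if [ "${1:-}" = "--live" ]; then
    # Real host: query the package database and the running kernel.
    dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-*' |
        stale_kernels "$(uname -r)"
else
    # Offline demo: pretend 4.9.0-8-amd64 is the running kernel.
    sample_dpkg_output | stale_kernels "4.9.0-8-amd64"
fi
```

Review the list before removing anything, for example with `apt-get purge <package>`, and keep at least one known-good fallback kernel if your recovery procedure depends on it.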
May 3, 2019, 5:12pm
An alternative way to accept the risk of having vulnerable but not running kernel versions on the system is now available:
Linuxoid systems may have several kernels installed, of which of course only one is active.
When doing an authenticated scan of such a system, we detect the kernels installed via the most common package managers like apt or RPM and if they are known to be vulnerable, then a vulnerability is reported. This is done for each found kernel and usually kernel vulnerabilities are of high severity.
It is recommended to simply delete the vulnerable kernels. The rationale is that this prevent…