OpenSCAP reports show kernel vulnerabilities even when latest kernel is installed
Issue
Even if a system has the latest Red Hat Enterprise Linux (RHEL) kernel installed and that kernel is running, OpenSCAP scans against Red Hat provided OVAL and XCCDF data can result in reported kernel related failures (I.E. showing that the system is considered non-compliant/vulnerable). Red Hat Security Advisories (RHSAs) related to those vulnerabilities are seen to be resolved via kernel versions that are earlier than or equal to the system's running kernel.
Environment
- Red Hat Enterprise Linux 5.
- Red Hat Enterprise Linux 6.
- Red Hat Enterprise Linux 7.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.