How do I check if a specific kernel is vulnerable to a specific CVE?

Solution Verified

Environment

  • Red Hat Enterprise Linux

Issue

  • Is kernel kernel-3.10.0-862.11.6.el7.x86_64 vulnerable to CVE-2017-12190?

Resolution

There are several ways to check whether a specific kernel has been patched for a specific CVE. Two of them are:

  • If you have the rpm, use the rpm command to query its change log and grep for the CVE name.
    Example:
    # rpm -qp kernel-3.10.0-862.11.6.el7.x86_64.rpm --changelog | grep CVE-2017-12190
  • You can also find information on CVEs at https://access.redhat.com/security/security-updates/#/cve. Search for the CVE of interest and drill down into the errata that provided the fix and the packages that came with that errata. If your kernel version is later than the one shown in the errata, you can assume that your kernel includes the patch.
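
The two checks above, combined into shell helpers, as an added example that is not part of the original solution. The function names are hypothetical, the sample changelog and any version passed as the "fixed" version are constructed placeholders, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: helpers for the changelog check and the errata version check.

# Succeeds if the exact CVE id ($1) appears in the changelog read from stdin.
# -F: literal string; -w: whole-word match, so searching for CVE-2017-1219
# does not match a line that only mentions CVE-2017-12190 (plain grep would).
changelog_has_cve() {
    grep -qwF -e "$1"
}

# Succeeds if kernel version-release $1 is the same as or later than $2.
# Assumption: GNU `sort -V` is close enough to RPM ordering for two kernels of
# the same RHEL major release; it is not a full RPM version comparison.
kernel_at_least() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Prints a verdict for CVE $1 and kernel $2, with the kernel changelog on
# stdin. $3 is the fixed version taken from the errata page (may be empty).
cve_status() {
    if changelog_has_cve "$1"; then
        echo "patched: $1 is listed in the changelog"
    elif [ -n "$3" ] && kernel_at_least "$2" "$3"; then
        echo "assumed patched: $2 is not older than fixed version $3"
    else
        # Not proof of exposure: the kernel may simply not be affected.
        echo "no fix recorded for $1"
    fi
}

# Constructed sample changelog (not real rpm output).
SAMPLE_CHANGELOG='* Mon Jan 01 2018 Example Packager <pkg@example.com> [3.10.0-000.el7]
- [block] constructed entry for illustration (Example Author) [0000000] {CVE-2017-12190}
- [net] another constructed entry (Example Author) [0000001]'

printf '%s\n' "$SAMPLE_CHANGELOG" | cve_status CVE-2017-12190 3.10.0-862.11.6.el7 ""

# On a real system, pipe in the installed package's changelog instead:
#   rpm -q --changelog "kernel-$(uname -r)" | cve_status CVE-2017-12190 "$(uname -r)" ""
```

The version comparison is numeric per component, which matters for releases such as 862.11.6 and 862.2.3 where a plain string comparison gives the wrong order.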

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
