尽管应用了最新补丁,Prisma cloud defender/无代理扫描仍继续识别与旧内核版本相关的漏洞

尽管应用了最新补丁,Prisma cloud defender/无代理扫描仍继续识别与旧内核版本相关的漏洞

3287
Created On 02/05/24 13:37 PM - Last Modified 01/03/25 07:28 AM


Symptom



尽管升级到最新版本,Prisma Cloud Compute Defender/ 无代理扫描仍报告旧内核的漏洞。
运行最新版本的Linux主机:

[user@host1 ~]$ uname -mrs
Linux 4.14.336-253.554.amzn2.x86_64 x86_64

Prisma 云显示旧内核版本存在漏洞。



Environment


稜镜云。

运行时安全。

漏洞管理。

主力后卫。

无代理的扫描。

Cause


我们检查了主机中安装的所有内核包,发现了旧内核版本。虽然它们处于非活动状态,但它们仍存在于主机中,因此 Prisma 云存在与这些内核包相关的漏洞。

[user@host1 ~]$ rpm -qa | grep kernel
kernel-tools-4.14.336-253.554.amzn2.x86_64
kernel-4.14.328-248.540.amzn2.x86_64
kernel-devel-4.14.328-248.540.amzn2.x86_64
kernel-devel-4.14.336-253.554.amzn2.x86_64
kernel-4.14.336-253.554.amzn2.x86_64
kernel-4.14.334-252.552.amzn2.x86_64
kernel-devel-4.14.334-252.552.amzn2.x86_64
kernel-headers-4.14.336-253.554.amzn2.x86_64

对于 Debian/ubuntu 版本:

user@ubuntu-22-04:~$ dpkg --list | grep linux-image
rc  linux-image-5.15.0-112-generic                   5.15.0-112.122                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-113-generic                   5.15.0-113.123                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-116-generic                   5.15.0-116.126                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-117-generic                   5.15.0-117.127                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-118-generic                   5.15.0-118.128                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-119-generic                   5.15.0-119.129                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-121-generic                   5.15.0-121.131                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-122-generic                   5.15.0-122.132                          amd64        Signed kernel image generic
ii  linux-image-5.15.0-124-generic                   5.15.0-124.134                          amd64        Signed kernel image generic
ii  linux-image-5.15.0-125-generic                   5.15.0-125.135                          amd64        Signed kernel image generic
rc  linux-image-5.15.0-60-generic                    5.15.0-60.66                            amd64        Signed kernel image generic
ii  linux-image-generic                              5.15.0.125.124                          amd64        Generic Linux kernel image
user@ubuntu-22-04:~$ uname -mrs
Linux 5.15.0-125-generic x86_64

Resolution


这是 Prisma 云端的预期行为,因为我们会显示内核包中存在的所有漏洞,而不管哪个漏洞处于活动状态。

您可以根据所使用的发行版使用 yum remove 或 apt-get remove 来删除未使用的内核包,以停止查看这些请求。

**删除未使用的内核包时请小心,确保它们确实未使用。
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008WyhCAE&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language