Kernel Patches for the 2017-3 Linux Agent may remain in "All Detected"

Version 3

    Verified Product Versions

    Endpoint Manager 2017.x

    Description: When repairing kernel related patches these patches may remain in the "All Detected" section of Security and Patch Information while some may move to "All Installed". The reason for this is the old kernels still remain on the machine. If the machine is booted with the old kernels then the machine will be vulnerable.

     

    Solution: A code change is planned to address the design in a different way and detect the current running kernel. To make reports and the GUI show as "fixed" remove the old kernel files from the machine and they should no longer show vulnerable.

     

    Example: CESA-2017-3200 below. Depending on the particular vulnerability some may move correctly while others do not.

     

    Kernel1.png

     

    Kernel2.png