View Issue Details

IDProjectCategoryView StatusLast Update
0018508CentOS-7kernelpublic2022-09-14 09:29
Reportermkaranam Assigned To 
Status closedResolutionfixed 
Product Version7.9.2009 
Summary0018508: Vulnerabilities in kernel-headers and kernel-debug-devel
DescriptionCentos 7.9.2009 has packages kernel-headers and kernel-debug-devel which has RHSA-2017:0372 CVE vulnerability. Please fix it in the upcoming release.
TagsNo tags attached.




2022-09-14 05:12

manager   ~0038987

You should probably update your kernel! Which version is installed?


2022-09-14 05:18

reporter   ~0038988

Installed Packages
Name : kernel-debug-devel, kernel-headers
Arch : x86_64
Version : 3.10.0
Release : 1160.71.1.el7


2022-09-14 09:29

manager   ~0038989

I cannot find RHSA-2017:0372 on the RH website but the links for it found via Google all say it is specific to aarch64 and not x86_64. Are you on an ARM based machine? If not then this errata is not applicable to you. The errata is for CVE-2016-5195 and is listed as fixed in the kernel rpm changelog in Oct 19 2016 as part of kernel 3.10.0-514.el7. In addition, it's incredibly unlikely that there would ever be a CVE against the kernel-headers package since it contains nothing executable.

Issue History

Date Modified Username Field Change
2022-09-14 04:28 mkaranam New Issue
2022-09-14 05:12 tigalch Note Added: 0038987
2022-09-14 05:18 mkaranam Note Added: 0038988
2022-09-14 09:29 TrevorH Status new => closed
2022-09-14 09:29 TrevorH Resolution open => fixed
2022-09-14 09:29 TrevorH Note Added: 0038989