  1. Red Hat Insights Engineering
  2. RHINENG-14561

Installation of kernel-doc package marks 150 CVEs as affected for a RHEL 7.9 system


    • Important
    • 5

      ** Note that this is a public ticket, please refrain from adding any sensitive data. **

      Description of Problem

      When working on a fully updated RHEL 7.9 ELS system, Insights shows no CVEs with advisories. But as soon as the kernel-doc package is installed, 150 CVEs pop up from nowhere.

      How reproducible

      Always

      Steps to Reproduce and Actual Behavior:

      1. Install RHEL 7.9 and register with the Red Hat portal
      2. Enable the rhel7-server-els-rpms repo, update all packages, and reboot with the latest kernel
      3. Install insights-client and register with Insights
      4. Open the system from https://console.redhat.com/insights/inventory, check the Vulnerability tab, and notice no CVEs with advisories present
      5. Install the kernel-doc package and re-run the insights-client command
      6. Repeat step 4 and now notice 150 CVEs out of nowhere.

      Expected Behavior

      False-positive CVE detection needs to be minimized as much as possible.

      Business Impact / Additional info

      It seems RHEL 8.8 EUS also suffers from a similar issue, but not RHEL 9.4 EUS [as tested by the end user].

              psegedy Patrik Segedy
              rhn-support-saydas Sayan Das