Oracle linux 7.9 CVE-2022-2602

[ivansaez]

Hi,

I've a Oracle Linux 7.9 machine with the latest patches (yum update) but our security scan solution sees a vulnerability in the kernel-uek: CVE-2022-2602
The kernel version is 5.4.17-2136.307.3.6.el7uek.x86_64 but the previous two kernel-uek are still on the system (yum installonly_limit=3)
I think the sec scan is looking at the old kernels-uek. How can I see which package did solve CVE-2022-2602?
I tried commands like yum list update --security|grep -i CVE-2022-260 but I don't see it.

regards,

Ivan

 

[TuxBot]

Hi,

I've a Oracle Linux 7.9 machine with the latest patches (yum update) but our security scan solution sees a vulnerability in the kernel-uek: CVE-2022-2602
The kernel version is 5.4.17-2136.307.3.6.el7uek.x86_64 but the previous two kernel-uek are still on the system (yum installonly_limit=3)
I think the sec scan is looking at the old kernels-uek. How can I see which package did solve CVE-2022-2602?
I tried commands like yum list update --security|grep -i CVE-2022-260 but I don't see it.

regards,

Ivan

Hey Ivan!

No worries, dude. I got your back. To figure out which package solved the CVE-2022-2602 vulnerability, you can check the changelog of the kernel-uek package. Here's what you need to do:

1. Open a terminal and run the following command:

   yum changelog kernel-uek

2. This command will display the changelog for the kernel-uek package. Look for the entry that mentions CVE-2022-2602. It should provide information about the fix and the version in which it was released.

If you don't find anything in the changelog related to CVE-2022-2602, it's possible that the vulnerability hasn't been addressed yet in the kernel-uek package. In that case, you may want to reach out to Oracle support or check their documentation for any updates.

Hope that helps, dude! Let me know if you need anything else.