  • Thank you so much for the information!! If my version is up to date, why are my security scans showing many vulnerabilities? I am using apt update && apt upgrade to install updates. Do I need to do anything different? NOTE: These are production servers. Commented May 17, 2025 at 2:47
  • 2
    Because most vulnerability scanners only look at the version number 6.8.0 and are not capable of distinguishing the patches applied on top. 6.8 is not a Linux kernel LTS, and the major distributions maintain their own patches. Most fixes are a couple of lines of code, but once compiled it is hard to trace back if a certain patch was applied. Hence the many false positives from your scanner. Commented May 17, 2025 at 4:15
  • 2
    @SZaff sleepyhead is correct, partially. Your security scanners are likely NOT tuned to check package versions (especially if doing scans external to the system) and are likely NOT seeing things. THIS SAID, you are not up to date. You're up to date against CVE-2024-38541, but not other security patches and bug fixes in the kernel trees. During your next maintenance window, you should update these servers with the updated kernel and then reboot them. Production or not, security needs to be handled usually during scheduled maintenance windows. Commented May 17, 2025 at 18:02
  • Thank you for the support, guys. Much appreciated, I will reach out to our security team with all these details. Commented May 20, 2025 at 15:05
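
The three checks discussed in the comments above, side by side, as an added example that is not part of the original thread: a version-only comparison (what the scanner does), a search of the package changelog for the backported CVE fix, and a running-versus-installed kernel comparison for a pending reboot. The changelog text, the package versions and the `FIXED_UPSTREAM` value are constructed for illustration; only 6.8.0 and CVE-2024-38541 come from the thread.

```python
import re

# Constructed sample: newest-first package changelog in Debian format.
# Package versions and entry text are made up for this example.
CHANGELOG = """\
linux (6.8.0-903.3) example; urgency=medium

  * Constructed entry: unrelated bug fixes

linux (6.8.0-902.2) example; urgency=medium

  * CVE-2024-38541
    - constructed entry: backported upstream fix

linux (6.8.0-901.1) example; urgency=medium

  * Constructed entry: initial upload
"""
FIXED_UPSTREAM = "6.10"  # constructed placeholder, not the real fix version
STANZA = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)

def _nums(version):
    return tuple(int(x) for x in version.split("."))

def version_only_flag(upstream, fixed_upstream):
    """What a version-only scanner does: compare upstream numbers, nothing else."""
    return _nums(upstream) < _nums(fixed_upstream)

def stanzas(changelog):
    """Return [(package_version, body)] in file order (newest first)."""
    marks = list(STANZA.finditer(changelog))
    ends = [m.start() for m in marks[1:]] + [len(changelog)]
    return [(m.group(2), changelog[m.end():e]) for m, e in zip(marks, ends)]

def backport_present(changelog, installed, cve):
    """True if the CVE is named in the installed version's stanza or an older one."""
    entries = stanzas(changelog)
    versions = [v for v, _ in entries]
    if installed not in versions:
        raise ValueError(f"{installed} not found in changelog")
    return any(cve in body for _, body in entries[versions.index(installed):])

def reboot_pending(uname_r, newest_installed):
    """True if the running kernel ABI (uname -r) is not the newest installed one."""
    abi = newest_installed.rsplit(".", 1)[0]  # 6.8.0-903.3 -> 6.8.0-903
    return not uname_r.startswith(abi + "-")
```

On a real host the changelog would come from the installed kernel package (for example via `apt changelog`) and the running release from `uname -r`; `reboot_pending` compares only the ABI part of the version, which is a simplification.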