I updated my Amazon Elastic Compute Cloud (Amazon EC2) instances, but Amazon Inspector is detecting Common Vulnerabilities and Exposures (CVE) on previous kernel versions. How can I resolve this?

Amazon Inspector returns vulnerability results for all installed packages on Amazon EC2 instances. For kernel packages, the package management system (apt or rpm) usually leaves the previous kernel installed on the system when installing a new kernel. Amazon Inspector detects the previous kernel version even if the kernel is not active.

Update the Linux kernel packages, uninstall the previous kernel packages, and then run Amazon Inspector again.

Amazon Linux, RHEL, and CentOS

1. Update the Linux kernel packages:

sudo yum update kernel

2. (Optional) Update all packages:

sudo yum update

3. Reboot to apply the changes:

sudo reboot

4. List the running kernel:

uname -r

5. List installed kernels:

sudo rpm -qa kernel

6. Uninstall the previous versions of kernel packages:

sudo package-cleanup --oldkernels --count=1

7. Verify that there is only one installed kernel:

sudo rpm -qa kernel

Run Amazon Inspector again. Amazon Inspector should not return vulnerabilities related to previously installed kernel version packages.

Ubuntu and Debian

1. Update the Linux kernel and dependencies to the latest version:

sudo apt update && sudo apt install linux-aws

2. (Optional) Update all packages including the kernel:

sudo apt update && sudo apt dist-upgrade

3. Reboot to apply the changes:

sudo reboot

4. Uninstall previous package versions that are no longer needed:

sudo apt autoremove

Note: The sudo apt autoremove command removes previous versions of packages that are no longer needed. For information on removing previous kernels, see RemoveOldKernels.

5. Run Amazon Inspector again.

If Amazon Inspector still detects vulnerabilities from a previously installed kernel package, run the following commands.

1. List installed kernels:

sudo dpkg --get-selections | grep linux-image | grep -v deinstall

Check to be sure that you are running the later of the two listed kernels that are still installed.

2. List the running kernel:

uname -r

3. Remove the earlier of the two installed kernel versions along with its related packages:

sudo apt remove linux-*-4.4.0-1049-*

Note: Replace the kernel version number with the version of the earlier, previously installed kernel that you want to remove (never the version shown by uname -r). Repeat if more previously installed kernel packages remain.

Run Amazon Inspector again. Amazon Inspector should not return vulnerabilities related to previously installed kernel version packages.
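The step that goes wrong most often in both procedures above is comparing the output of uname -r against the installed kernel list by eye and then typing a removal pattern by hand. The following shell example is added here and is not part of the AWS article: it parses constructed sample output in the shape of rpm -qa kernel and dpkg --get-selections, lists every installed kernel version that is not the running one, and builds the apt remove pattern used in step 3 above. The function names are hypothetical, the package listings are constructed samples, and apt_remove_pattern assumes the Ubuntu version-ABI-flavor naming shown on this page (for example 4.4.0-1049-aws). On RPM-based systems, package-cleanup is provided by the yum-utils package.

```shell
#!/bin/sh
# Added example (not AWS code): find installed kernel versions that are not
# the running kernel, so that only stale kernels are removed before the next
# Amazon Inspector run.

# Extract version strings from `rpm -qa kernel` output read on stdin,
# e.g. "kernel-4.14.62-65.117.amzn1.x86_64" -> "4.14.62-65.117.amzn1.x86_64".
rpm_versions() {
    sed -n 's/^kernel-//p'
}

# Extract version strings from `dpkg --get-selections` output read on stdin.
# Keeps only versioned linux-image packages in state "install"; metapackages
# such as "linux-image-aws" and "deinstall" entries are skipped, matching the
# grep filters in the article.
dpkg_versions() {
    awk '$1 ~ /^linux-image-[0-9]/ && $2 == "install" {
            sub(/^linux-image-/, "", $1); print $1 }'
}

# Print the versions on stdin that are NOT the running kernel ($1, as printed
# by `uname -r`). Exact, fixed-string matching guards against removing the
# running kernel when version strings share a prefix.
stale_kernels() {
    running="$1"
    grep -v -x -F "$running" || :
}

# Build the removal pattern from step 3 of the Ubuntu procedure:
# "4.4.0-1049-aws" -> "linux-*-4.4.0-1049-*" (assumes a "-flavor" suffix).
apt_remove_pattern() {
    abi="${1%-*}"
    printf 'linux-*-%s-*\n' "$abi"
}

# --- demo on constructed sample data -----------------------------------
SAMPLE_RPM='kernel-4.14.47-56.37.amzn1.x86_64
kernel-4.14.62-65.117.amzn1.x86_64'
SAMPLE_DPKG=$(printf 'linux-image-4.4.0-1045-aws\tdeinstall\nlinux-image-4.4.0-1049-aws\tinstall\nlinux-image-4.4.0-1052-aws\tinstall\nlinux-image-aws\tinstall\n')

echo "Amazon Linux / RHEL / CentOS (running 4.14.62-65.117.amzn1.x86_64), stale kernels:"
printf '%s\n' "$SAMPLE_RPM" | rpm_versions | stale_kernels 4.14.62-65.117.amzn1.x86_64

echo "Ubuntu / Debian (running 4.4.0-1052-aws), removal commands to review:"
printf '%s\n' "$SAMPLE_DPKG" | dpkg_versions | stale_kernels 4.4.0-1052-aws |
while read -r ver; do
    echo "sudo apt remove $(apt_remove_pattern "$ver")"
done
```

On a real instance, replace the sample variables with `rpm -qa kernel` or `dpkg --get-selections` and pass `$(uname -r)` as the running version; review the printed commands before executing them, and reboot first if uname -r still shows the old kernel, since the script deliberately never lists the running kernel for removal.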

Published: 2018-08-12