• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Understanding Ksplice Effective Kernel Version

By admin

This post will explain the meaning behind the output of the “ksplice kernel uname” (Ksplice Enhanced client) or “uptrack-uname” (Ksplice Uptrack client) command and how to interpret Ksplice’s effective kernel version string.

The effective kernel version that is reported by Ksplice when running the command “ksplice kernel uname -r” reflects the security position of the kernel that is running based on the patches that have been applied by Ksplice. This effective kernel version usually differs from the version of the kernel that was booted and is intended to reflect the current state of the kernel with regard to potential vulnerabilities or critical bugs.

In the case where a booted kernel is locked to a version that did not receive the initial patches for the Spectre/Meltdown vulnerabilities, these patches cannot be applied with Ksplice. Although Ksplice continues to update the kernel with patches for subsequent CVEs, the effective kernel version is not updated so as to accurately reflect that the currently loaded kernel is still vulnerable to the Spectre/Meltdown vulnerabilities, even if patched for other potential attack vectors.

You can check your booted kernel version by running “uname -r”. Compare it to the version reported by Ksplice. If these versions match, your kernel is likely to still be vulnerable to Spectre/Meltdown and you should consider upgrading kernel and rebooting for Ksplice to be fully effective.

You can check which specific CVE vulnerabilities and critical bug fixes have been applied to the running kernel by running “ksplice kernel show“.

Filed Under: Linux, OEL 6, OEL 7

Some more articles you might also be interested in …

  1. CentOS / RHEL : How to setup session idle timeout (inactivity timeout) for ssh auto logout
  2. How To Setup UDEV Rules For RAC OCR And Voting Devices on Partitions
  3. Beginners Guide to SELinux
  4. Troubleshooting “connection refused” From Remote Servers in CentOS/RHEL 7 (Either Firewalld or iptables service issue)
  5. CentOS / RHEL 6 : How to password-protect single user mode
  6. “Could not resolve proxy: https; Unknown error” – error with ‘yum update’
  7. Server Application Getting “connection refused” From Remote Servers [due to firewalld or iptables] – CentOS/RHEL 7
  8. How Passwordless SSH works in Linux / UNIX
  9. How to Verify a Lun is in Active/Optimized Mode when ALUA Is Configured on Storage
  10. Understanding /etc/xinetd.conf file in Linux

You May Also Like

Primary Sidebar

Recent Posts

  • Oracle Database – Configuring Secure Application Roles
  • Extend rule sets by using factors in Oracle Database Vault
  • What are Command Rules in oracle Database
  • Using Rule Sets in Oracle Database Vault
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary