Closed (noahtalerman closed this 2 months ago)
@noahtalerman @lukeheath since this is urgent for the customer, do we want to consider releasing it as part of Patch 4.51.1? (outside of our process)
@sharon-fdm Unless it's a priority ticket I don't think so. We'd need to run an unscheduled minor release since this is a change and not a bug fix.
> since this is urgent for the customer, do we want to consider releasing it as part of Patch 4.51.1? (outside of our process)
Hey @zayhanlon do you think we want to consider accelerating this feature? Or can it wait until the next minor release? Targeted for 2024-06-24.
@mostlikelee Do you know how we can QA this? Any publicly available custom kernels you know of that we could install?
> @mostlikelee Do you know how we can QA this? Any publicly available custom kernels you know of that we could install?
Not that I know of, so I think our best bet is to enroll an Ubuntu host and update any software table entries starting with `linux-image-*`, i.e. `linux-image-5.4.0-163-generic` -> `linux-image-5.4.0-163-customfoo`.
After many tries (because of the manual steps) I was able to verify this change.

- `linux-image-6.5.0-35-generic, 6.5.0-35.35~22.04.1` is in the host software list.
- `fleetctl trigger --name vulnerabilities`
- (`source=1`, meaning they come from OVAL).
- `linux-image-6.5.0-35-generic` to `linux-image-6.5.0-35-hotdog`, and manually delete the found OVAL vulnerabilities.

  ```sql
  update software SET name = 'linux-image-6.5.0-35-hotdog' where id = 3842;
  delete from software_cve where software_id = 3842;
  ```

- `fleetctl trigger --name vulnerabilities`
- (`source=0`, meaning they come from NVD).

I did not analyze all the 364 CVEs found on NVD for the custom kernel. There could be false positives. I picked 5 and they looked like true positives.
Hey @mostlikelee when you get the chance, can you please take the docs updates for this one.
Outdated documentation changes: Add 1 sentence about how CVEs are mapped to custom kernels in the Coverage section on the Vulnerability processing page
Hey @Patagonia121, this story has shipped. We want to make sure docs TODOs from the comment above are merged in before we notify customers.
@marko-lisica I was planning to post a general release summary for all customer channels in Slack where I would mention this update, so you're saying I should hold off until doc changes are merged? @mostlikelee do you think this will happen today? Thank you both!
@Patagonia121 @marko-lisica not a problem, I'll get those up today
Hey @mostlikelee just checking in, did you get to those docs updates?
@noahtalerman can you review? https://github.com/fleetdm/fleet/pull/20125
@Patagonia121 docs are merged ✅
Custom kernel's glow, Vulnerabilities show, Safety in the know.
Goal
Context
Changes
Product
`5.17.15`, surface this CVE if a host has a kernel image w/ version `5.17.15` or `5.17.15-foo.bar~hotdog`.
Engineering
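The matching rule in the Product section above (a CVE for kernel `5.17.15` should also surface for `5.17.15-foo.bar~hotdog`), and the rename from `linux-image-6.5.0-35-generic` to `linux-image-6.5.0-35-hotdog` exercised in the QA comment, both reduce to one normalization step: strip the flavor or custom suffix and compare on the base kernel version. The Go program below is an added illustration, not Fleet's own vulnerability-matching code (which this thread does not show). It assumes Ubuntu/Debian kernel image naming (`linux-image-<version>-<flavor>`); the `BaseKernelVersion` and `CVEsForKernelImage` helpers and the `constructedAffected` table are made up for this example, and the CVE IDs in it are placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// baseVersionRe captures the leading numeric kernel version plus its optional
// ABI number and stops at the first flavor or custom suffix. Assumed inputs
// follow Ubuntu/Debian kernel image naming, for example:
//   linux-image-6.5.0-35-generic  -> 6.5.0-35
//   linux-image-6.5.0-35-hotdog   -> 6.5.0-35
//   6.5.0-35.35~22.04.1           -> 6.5.0-35
//   5.17.15-foo.bar~hotdog        -> 5.17.15
var baseVersionRe = regexp.MustCompile(`^(\d+\.\d+\.\d+(?:-\d+)?)`)

// BaseKernelVersion (hypothetical helper) strips the linux-image- prefix if
// present and returns the base kernel version. ok is false when no version can
// be found, e.g. for the linux-image-generic metapackage.
func BaseKernelVersion(s string) (version string, ok bool) {
	s = strings.TrimPrefix(s, "linux-image-")
	m := baseVersionRe.FindStringSubmatch(s)
	if m == nil {
		return "", false
	}
	return m[1], true
}

// constructedAffected is a made-up lookup table, not real CVE data: base kernel
// version -> CVE IDs recorded against that version. Placeholder IDs only.
var constructedAffected = map[string][]string{
	"6.5.0-35": {"CVE-0000-0002", "CVE-0000-0001"},
	"5.17.15":  {"CVE-0000-0003"},
}

// CVEsForKernelImage (hypothetical helper) returns the sorted CVE IDs that
// apply to a kernel image package. Matching is done on the base version only,
// so a custom-suffixed build is checked against the same entries as the stock
// build it was derived from. Packages that are not kernel images get nothing.
func CVEsForKernelImage(name string, affected map[string][]string) []string {
	if !strings.HasPrefix(name, "linux-image-") {
		return nil
	}
	base, ok := BaseKernelVersion(name)
	if !ok {
		return nil
	}
	out := append([]string(nil), affected[base]...)
	sort.Strings(out)
	return out
}

func main() {
	// Names taken from this thread plus two negative cases.
	for _, name := range []string{
		"linux-image-6.5.0-35-generic",
		"linux-image-6.5.0-35-hotdog",
		"linux-image-5.17.15-foo.bar~hotdog",
		"linux-image-generic",
		"linux-headers-6.5.0-35",
	} {
		base, ok := BaseKernelVersion(name)
		fmt.Printf("%-36s base=%q ok=%v cves=%v\n", name, base, ok,
			CVEsForKernelImage(name, constructedAffected))
	}
}
```

Because the suffix is discarded, the stock and custom names resolve to the same base version and therefore to the same CVE list, which is the behaviour the QA comment verified. The same collapse is also where the false positives mentioned in that comment come from: a custom build that backported a fix still carries the base version and will be flagged until the CVE is dismissed for that host.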
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation