Trivy reported Kernel CVE CVE-2024-53103 #1029

Closed
tomuben opened this issue Dec 4, 2024 · 0 comments
tomuben commented Dec 4, 2024

Background

Our Nightly build detected CVE-2024-53103.

Total: 1 (HIGH: 1, CRITICAL: 0)
┌────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│    Library     │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                           Title                           │
├────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ linux-libc-dev │ CVE-2024-53103 │ HIGH     │ affected │ 5.15.0-126.136    │               │ In the Linux kernel, the following vulnerability has been │
│                │                │          │          │                   │               │ resolved: h...                                            │
│                │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-53103                │
└────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘

However, Kernel CVEs should be suppressed in the trivy.rego file:

ignore {
        input.PkgName == "linux-libc-dev"
        regex.match("^kernel:", input.Title)
}

=> Looks like there is no other way to identify Kernel-related CVEs. So, we need to adjust the regular expression.

Acceptance Criteria

Security Scans should ignore CVE-2024-53103.

tomuben self-assigned this Dec 4, 2024
tomuben added the security Security related change label Dec 4, 2024
tomuben added a commit to exasol/script-languages that referenced this issue Dec 5, 2024
tomuben closed this as completed in 154f465 Dec 5, 2024
tomuben added a commit that referenced this issue Dec 5, 2024
Changelog:
- Update version to 9.1.0 (#1030) 
- #1029: Extended trivy rego for Kernel CVE's (#1031)
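
One way to extend the ignore rule from the issue so that it also matches the title form shown in the scan output, written as an added example in the issue's own Rego syntax; it is not the project's change from 154f465. The name `kernel_title_patterns`, the second pattern and all test inputs are assumptions constructed for illustration.

```rego
package trivy

default ignore = false

# Anchored title prefixes treated as kernel findings.
# "^kernel:" is the pattern from the issue; the second entry is an
# assumption based on the title shown in the scan output for CVE-2024-53103.
kernel_title_patterns := [
    "^kernel:",
    "^In the Linux kernel, "
]

# Suppress only when BOTH conditions hold: the finding is on linux-libc-dev
# (kernel headers) and the title starts with one of the kernel prefixes.
# Keeping the package check and the "^" anchor stops the wider pattern from
# hiding findings on other packages or titles that merely mention the kernel.
ignore {
    input.PkgName == "linux-libc-dev"
    some i
    regex.match(kernel_title_patterns[i], input.Title)
}

# Tests for `opa test`; every input below is constructed.
test_new_title_form_is_ignored {
    ignore with input as {
        "PkgName": "linux-libc-dev",
        "VulnerabilityID": "CVE-2024-53103",
        "Title": "In the Linux kernel, the following vulnerability has been resolved: (constructed)"
    }
}

test_old_title_form_is_still_ignored {
    ignore with input as {"PkgName": "linux-libc-dev", "Title": "kernel: (constructed)"}
}

test_other_package_is_reported {
    not ignore with input as {"PkgName": "openssl", "Title": "In the Linux kernel, (constructed)"}
}

test_unrelated_title_is_reported {
    not ignore with input as {"PkgName": "linux-libc-dev", "Title": "(constructed) unrelated title"}
}
```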