Vulnerability scanners are programs that scan your system to tell you whether you have software installed with known vulnerabilities.
Many of the best well-known scanners interrogate the server’s package database.
Customers using KernelCare to live patch their Linux kernels and repair known vulnerabilities without rebooting were surprised when their scanning tool continued to report their system as having a vulnerable kernel.
The reason for this is that KernelCare does not report kernel patches to local repositories.
So, we have made a small change to KernelCare, modifying the LD_PRELOAD environment variable to correctly return the kernel version to the scanning tools.
If you have any questions on this or other aspects of KernelCare, please get in touch.