Multiple versions of "crash-kmp-default" installed, discovered by security scanning tools
This document (000020877) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12
Situation
SUSE has received several reports that multiple versions of the crash-kmp-default kernel KMP[1] packages are installed. This is because the crash-kmp-default package has a "provides" tag set to "multiversion". Therefore, the package is "multiversion" and not tied to a specific kernel nor crash version and no newer version obsoletes the old versions.
There are no security concerns with the older packages installed. It is possible to have multiple versions installed and there is no vulnerability if the module is never loaded (and it is not loaded on most systems). The newest version at the time of module load will be loaded.
The crash-kmp-default kernel module is not needed unless you will be performing live kernel crash debugging, which is not common.
As long as the older crash-kmp-default kernel modules are not loaded and running in the kernel, there are no security concerns with the older crash-kmp-default packages installed.
There are several packages that have the "multiversion" tag, notably, the kernel packages and a few others.
This zypper command shows those packages.
This is intentional to provide kernel ABI compatibility.
As a result of this, there is no automatic mechanism to remove older package versions of crash-kmp-default or other "multiversion" packages (except the kernel).
There are no security concerns with the older packages installed. It is possible to have multiple versions installed and there is no vulnerability if the module is never loaded (and it is not loaded on most systems). The newest version at the time of module load will be loaded.
The crash-kmp-default kernel module is not needed unless you will be performing live kernel crash debugging, which is not common.
As long as the older crash-kmp-default kernel modules are not loaded and running in the kernel, there are no security concerns with the older crash-kmp-default packages installed.
There are several packages that have the "multiversion" tag, notably, the kernel packages and a few others.
This zypper command shows those packages.
zypper se --provides 'multiversion(kernel)'
This is intentional to provide kernel ABI compatibility.
As a result of this, there is no automatic mechanism to remove older package versions of crash-kmp-default or other "multiversion" packages (except the kernel).
Resolution
It is safe to delete the old crash-kmp-default packages. To remove older crash-kmp-default package versions, here are 2 options.
1. Run:
2. Remove both crash and all crash-kmp-default packages until they are needed.
To prevent crash and crash-kmp-default from being installed in the future a zypper lock can be added.
Run:
1. Run:
zypper rm crash-kmp-defaultwhich will remove all versions, then install only the most recent version with:
zypper install crash-kmp-default
2. Remove both crash and all crash-kmp-default packages until they are needed.
zypper rm crash crash-kmp-default
To prevent crash and crash-kmp-default from being installed in the future a zypper lock can be added.
Run:
zypper addlock crash crash-kmp-default
Additional Information
[1] https://documentation.suse.com/sbp/all/single-html/SBP-KMP-Manual-SLE12SP2/
[2] https://documentation.suse.com/sles/15-SP4/single-html/SLES-administration/#cha-tuning-multikernel
[2] https://documentation.suse.com/sles/15-SP4/single-html/SLES-administration/#cha-tuning-multikernel
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020877
- Creation Date: 29-Nov-2022
- Modified Date:30-Nov-2022
-
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
