Linux OS vulnerabilities (CVEs)

[allenhouchins]

• @noahtalerman: User requested this because Fleet already maps CVE and vulnerability data for Linux hosts, but the Software > OS page displays "Not supported" under Vulnerabilities for Linux operating systems. This limits visibility into OS-level security risks. It feels like a gap in visibility.
  • @noahtalerman: In the interim, there is no workaround—users cannot see OS vulnerabilities for Linux in the UI, making it harder to prioritize patching efforts.
  • @noahtalerman: Eventually, Fleet could surface Linux OS vulnerabilities on this page, similar to how macOS and Windows vulnerabilities are displayed, allowing admins to prioritize remediation effectively. Fleet could also use language other than "Not supported."

---

[noahtalerman]

Problem

Fleet is already inventorying and mapping CVE and other vulnerability data for my Linux hosts. However, when I go to Software > OS I am presented with the message Not supported for my Linux operating systems.

What have you tried?

N/A

Potential solutions

Surface vulnerability information on this screen similar to what is already being done for macOS and Windows.

What is the expected workflow as a result of your proposal?

I will no longer see Not supported in the Vulnerabilities column and instead see which of my Linux operating systems have the most vulnerabilities so I can further prioritize remediation or corporate patch policies.

[mostlikelee]

The historical reason for this is that our research showed there is no clear concept of OS vulnerabilities on linux, supported by how vulnerabilities are reported in OVAL feeds. An OS is essentially made up of packages and a kernel, both which are reported today in Fleet software.