What did you do? (required. The issue will be closed when not provided.)
- Install Ubuntu 18.04 on Hyper-V
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.6 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
$ uname -r
4.15.0-197-generic
$ dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n" | grep ^linux-
linux-base,ii ,4.5ubuntu1.7,,4.5ubuntu1.7
linux-firmware,ii ,1.173.21,,1.173.21
linux-generic,ii ,4.15.0.197.182,linux-meta,4.15.0.197.182
linux-headers-4.15.0-197,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-headers-4.15.0-197-generic,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-headers-generic,ii ,4.15.0.197.182,linux-meta,4.15.0.197.182
linux-image-4.15.0-197-generic,ii ,4.15.0-197.208,linux-signed,4.15.0-197.208
linux-image-generic,ii ,4.15.0.197.182,linux-meta,4.15.0.197.182
linux-modules-4.15.0-197-generic,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-modules-extra-4.15.0-197-generic,ii ,4.15.0-197.208,linux,4.15.0-197.208
- Install vulsctl
$ sudo bash install.sh
$ /usr/local/go/bin/go version
go version go1.19.3 linux/amd64
$ which vuls
/usr/local/bin/vuls
$ vuls -v
vuls-v0.21.1-build-20221115_133708_1d97e91
$ goval-dictionary fetch ubuntu 18
$ go-cve-dictionary fetch nvd
$ ll *.sqlite3
-rw-r--r-- 1 wk wk 1209712640 Nov 15 13:44 cve.sqlite3
-rw-r--r-- 1 wk wk 32186368 Nov 15 13:39 oval.sqlite3
$ cat config.toml
[servers]
[servers.localhost]
host = "127.0.0.1"
port = "local"
scanMode = ["fast"]
- Vuls scan/report (A)
$ vuls scan
$ vuls report -quiet | grep linux
| CVE-2022-3649 | 9.8 | AV:N | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-23960 | 8.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2017-13165 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2018-12930 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2018-12931 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-19378 | 7.8 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-19814 | 7.8 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-11725 | 7.8 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-12362 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-39801 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-20421 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-3239 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-20425 | 7.5 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-20429 | 7.5 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-0400 | 7.5 | AV:N | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-14899 | 7.4 | AV:A | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-32078 | 7.1 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-3864 | 7.0 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-39686 | 7.0 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-23041 | 7.0 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-3028 | 7.0 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2013-7445 | 6.9 | AV:N | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2015-8553 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2016-8660 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2018-17977 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-26141 | 6.9 | AV:A | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-26145 | 6.9 | AV:A | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-26541 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-27835 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-36310 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-20320 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-33061 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-33624 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-34556 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-35477 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-39800 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-4148 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-4150 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-4159 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-4218 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-44879 | 6.9 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-0168 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-0382 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-0480 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-1263 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-1280 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-1508 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-20148 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-20166 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-20369 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-2153 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-26373 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-2663 | 6.9 | AV:N | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-2991 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-3061 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-39188 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-39842 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-40307 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-42703 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2018-1121 | 5.9 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2016-10723 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2017-13693 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2018-12928 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2018-12929 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-19815 | 5.5 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-12363 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-12364 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-3669 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-0854 | 5.5 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2017-0537 | 4.7 | AV:N | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-16230 | 4.7 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-27820 | 4.7 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-15213 | 4.6 | AV:L | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2022-20132 | 4.6 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-14304 | 4.4 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2020-35501 | 3.9 | AV:L | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-34981 | 3.9 | | | | unfixed | linux-image-4.15.0-197-generic |
$ vuls report -quiet | grep linux | wc -l
77
- Install old kernel, and reboot with old kernel
$ sudo apt install linux-image-4.15.0-22-generic
...reboot with old kernel
$ uname -r
4.15.0-22-generic
$ dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n" | grep ^linux-
linux-base,ii ,4.5ubuntu1.7,,4.5ubuntu1.7
linux-firmware,ii ,1.173.21,,1.173.21
linux-generic,ii ,4.15.0.197.182,linux-meta,4.15.0.197.182
linux-headers-4.15.0-197,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-headers-4.15.0-197-generic,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-headers-generic,ii ,4.15.0.197.182,linux-meta,4.15.0.197.182
linux-image-4.15.0-197-generic,ii ,4.15.0-197.208,linux-signed,4.15.0-197.208
linux-image-4.15.0-22-generic,ii ,4.15.0-22.24,linux-signed,4.15.0-22.24
linux-image-generic,ii ,4.15.0.197.182,linux-meta,4.15.0.197.182
linux-libc-dev:amd64,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-modules-4.15.0-197-generic,ii ,4.15.0-197.208,linux,4.15.0-197.208
linux-modules-4.15.0-22-generic,ii ,4.15.0-22.24,linux,4.15.0-22.24
linux-modules-extra-4.15.0-197-generic,ii ,4.15.0-197.208,linux,4.15.0-197.208
- Vuls scan/report (B)
$ vuls scan
$ vuls report -quiet | grep linux
| CVE-2022-3649 | 9.8 | AV:N | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-23960 | 8.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2017-13165 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2018-12930 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2018-12931 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-19378 | 7.8 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-19814 | 7.8 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-11725 | 7.8 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-12362 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-39801 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-20421 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-3239 | 7.8 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-20425 | 7.5 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-20429 | 7.5 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-0400 | 7.5 | AV:N | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-14899 | 7.4 | AV:A | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-32078 | 7.1 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-3864 | 7.0 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-39686 | 7.0 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-23041 | 7.0 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-3028 | 7.0 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2013-7445 | 6.9 | AV:N | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2015-8553 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2016-8660 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2018-17977 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-26141 | 6.9 | AV:A | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-26145 | 6.9 | AV:A | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-26541 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-27835 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-36310 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-20320 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-33061 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-33624 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-34556 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-35477 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-39800 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-4148 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-4150 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-4159 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-4218 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-44879 | 6.9 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-0168 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-0382 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-0480 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-1263 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-1280 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-1508 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-20148 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-20166 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-20369 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-2153 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-26373 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-2663 | 6.9 | AV:N | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-2991 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-3061 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-39188 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-39842 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-40307 | 6.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-42703 | 6.9 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2018-1121 | 5.9 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2016-10723 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2017-13693 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2018-12928 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2018-12929 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-19815 | 5.5 | AV:N | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-12363 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-12364 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-3669 | 5.5 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-0854 | 5.5 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2017-0537 | 4.7 | AV:N | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-16230 | 4.7 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-27820 | 4.7 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2019-15213 | 4.6 | AV:L | POC | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2022-20132 | 4.6 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-14304 | 4.4 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2020-35501 | 3.9 | AV:L | | | unfixed | linux-image-4.15.0-22-generic |
| CVE-2021-34981 | 3.9 | | | | unfixed | linux-image-4.15.0-22-generic |
$ vuls report -quiet | grep linux | wc -l
77
What did you expect to happen?
More vulnerabilities are detected with the old kernel than with the new kernel
Fixed vulnerabilities are detected on the old kernel
What happened instead?
The number of vulnerabilities is the same
Only unfixed vulnerabilities are detected
Configuration (MUST fill this out):
$ /usr/local/go/bin/go version
go version go1.19.3 linux/amd64
$ /usr/local/go/bin/go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/wk/.cache/go-build"
GOENV="/home/wk/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/wk/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/wk/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.3"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build603454895=/tmp/go-build -gno-record-gcc-switches"
$ vuls -v
vuls-v0.21.1-build-20221115_133708_1d97e91
$ cat config.toml
[servers]
[servers.localhost]
host = "127.0.0.1"
port = "local"
scanMode = ["fast"]
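
The comparison between scan (A) and scan (B) above can be made mechanically instead of by line count. The following is an added example, not part of the original issue and not Vuls code: it parses the table rows printed by `vuls report -quiet`, assuming the cell layout seen in this issue's output, and reports which CVE IDs, fix states and package names differ between two scans. The function names `parse_report` and `compare` are hypothetical.

```python
import re

# A data row of the report table starts with a CVE id in the first cell.
ROW = re.compile(r"^\|\s*(CVE-\d{4}-\d+)\s*\|(.*)\|\s*$")

def parse_report(text):
    """Map CVE id -> (fix state, package) from `vuls report -quiet` table rows."""
    findings = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # shell prompts, headers, blank lines
        cells = [c.strip() for c in m.group(2).split("|")]
        if len(cells) < 6:
            continue  # not the 7-column layout shown in the issue
        # Assumption: cell positions as in the issue's output; the last two
        # cells are the fix state and the affected package.
        findings[m.group(1)] = (cells[-2], cells[-1])
    return findings

def compare(report_a, report_b):
    """Summarise how scan B differs from scan A."""
    a, b = parse_report(report_a), parse_report(report_b)
    both = list(a.values()) + list(b.values())
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "fix_states": sorted({state for state, _ in both}),
        "packages_a": sorted({pkg for _, pkg in a.values()}),
        "packages_b": sorted({pkg for _, pkg in b.values()}),
    }

# Three rows excerpted from scan (A) in the issue. The matching scan (B) rows
# on the page are identical apart from the package name, so they are derived.
SCAN_A = """\
| CVE-2022-3649 | 9.8 | AV:N | | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2019-19378 | 7.8 | AV:N | POC | | unfixed | linux-image-4.15.0-197-generic |
| CVE-2021-34981 | 3.9 | | | | unfixed | linux-image-4.15.0-197-generic |
"""
SCAN_B = SCAN_A.replace("4.15.0-197-generic", "4.15.0-22-generic")

if __name__ == "__main__":
    for key, value in compare(SCAN_A, SCAN_B).items():
        print(f"{key}: {value}")
```

Feeding it the full output of both scans shows whether the two runs differ in anything other than the package name.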