Cisco Bug: CSCvu70011 - CIAM: linux-kernel 3.10.87

Last Modified

Jul 17, 2020

Products (1)

  • Cisco Crosswork Network Automation

Known Affected Releases


Description (partial)

This is a false positive.
We are using a newer kernel, 4.15.x.
However, the Corona scan finds one file from a Debian package called linux-firmware.
This binary file, /lib/firmware/liquidio/lio_23xx_vsw.bin, is a firmware file for a specific Cavium Octeon NIC.
(Inside the binary file there is the string "Linux version 3.10.87-rt80-Cavium-Octeon".)

We don't use this binary. Even if we needed to use it, this is the kernel version used to compile the firmware that runs inside a NIC, not the kernel version running on the VM.

The linux-firmware package is a collection of firmware files for different NIC vendors. This package is mostly relevant for solutions running on particular hardware. The package is always installed, and it is not good practice to remove it.

We can, however, remove this particular file so that the CIAM alerts no longer produce this false positive.
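The triage described above can be reproduced with a short check. This is an added example, not Cisco's or the scanner's own code, and it assumes the scanner keys on an embedded "Linux version" string. The function names, the padding bytes and the `4.15.0-112-generic` release are constructed for illustration; only the file path and the banner text come from the description.

```python
import re

# Banner format a kernel build embeds, e.g. "Linux version 4.15.0-112-generic".
BANNER = re.compile(rb"Linux version (\d+\.\d+(?:\.\d+)?[0-9A-Za-z.+~_-]*)")

FIRMWARE_PREFIX = "/lib/firmware/"


def kernel_banners(blob: bytes) -> list[str]:
    """Return each distinct kernel release string embedded in a binary blob."""
    seen = []
    for match in BANNER.finditer(blob):
        release = match.group(1).decode("ascii")
        if release not in seen:
            seen.append(release)
    return seen


def triage(path: str, blob: bytes, running_release: str) -> list[dict]:
    """Classify each embedded banner against the kernel the host actually runs."""
    findings = []
    for release in kernel_banners(blob):
        if release == running_release:
            verdict = "running-kernel"          # banner matches the booted kernel
        elif path.startswith(FIRMWARE_PREFIX):
            verdict = "firmware-build-string"   # build string of code that runs on a device
        else:
            verdict = "needs-review"            # unknown origin, inspect by hand
        findings.append({"path": path, "release": release, "verdict": verdict})
    return findings


# Constructed sample: arbitrary padding around the banner quoted in the description.
SAMPLE_PATH = "/lib/firmware/liquidio/lio_23xx_vsw.bin"
SAMPLE_BLOB = (b"\x00\x01\x02" + b"\x00" * 16
               + b"Linux version 3.10.87-rt80-Cavium-Octeon (gcc)\x00" + b"\xff" * 8)
# Hypothetical 4.15.x release; on a real host use platform.release().
SAMPLE_RUNNING = "4.15.0-112-generic"

if __name__ == "__main__":
    for finding in triage(SAMPLE_PATH, SAMPLE_BLOB, SAMPLE_RUNNING):
        print(finding)
```

A `firmware-build-string` verdict records why the finding does not apply to the host kernel, which is the evidence needed to close the alert or to justify removing the single file.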

This product includes Third-party Software that is affected by the
vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:

CVE-2015-9289
CVE-2016-10764
CVE-2016-2063
CVE-2017-18379
CVE-2018-5703
CVE-2019-14895
CVE-2019-14901
CVE-2019-15292
CVE-2019-15504
CVE-2019-15505
CVE-2019-15926
CVE-2019-16746
CVE-2019-17133
CVE-2019-18805
CVE-2019-18814

This bug was opened to address the potential impact on this product.

Device with default configuration.