FreeBSD-kernel-13.4_1 is vulnerable (kernel not upgraded?)

We have recently upgraded from 13.3-RELEASE to 13.4-RELEASE-p2 but the daily security run output is still showing the following :

Code:
Checking for security vulnerabilities in base (userland & kernel):
vulnxml file up-to-date
FreeBSD-kernel-13.4_1 is vulnerable:
FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
CVE: CVE-2024-39281
WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html

1 problem(s) in 1 installed package(s) found.
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.

The freebsd-version -kru command is showing the following:

Code:
13.4-RELEASE-p1
13.4-RELEASE-p1
13.4-RELEASE-p2

Didn't the kernel got updated this time?
 
That is a false positive.

The kernel module that contained the bug has been revuilt, but that doesn't triggerthe version bumo for display.
 
Back
Top