CVE Status & Mitigation
Overview
Swivel Secure appliances are built on an Enterprise Linux foundation (Oracle Linux). To ensure stability, our operating system vendor utilizes backporting for security patches.
This means security fixes are applied to existing software versions without changing the major version number. Consequently, automated vulnerability scanners that rely solely on version number comparison (e.g., Nessus, Qualys, Rapid7) often report False Positives.
This document lists specific vulnerabilities that may flag on your scanners, providing evidence of mitigation or explanation of why the appliance is not affected.
Note
If you identify a vulnerability on your appliance that is not listed here, please contact Swivel Secure Support for analysis.
Known False Positives & Mitigations
ELSA-2025-20114: NetworkManager Dispatcher Permissions
Relevant CVEs: CVE-2025-20114 (and related)
Scanner Status: Critical / High
Appliance Status: Safe / Mitigated
Description
A vulnerability exists in NetworkManager where the dispatcher directory may have incorrect permissions (777), potentially allowing local privilege escalation.
Why this is a False Positive
Vulnerability scanners flag this based on the installed RPM version of NetworkManager (e.g., versions prior to 1.48.10-5.0.3). However, Swivel Secure appliances enforce the correct file permissions via configuration management, regardless of the RPM version installed. The security risk is neutralized by restricting filesystem access.
Verification of Mitigation
You can verify the appliance is secure by checking the directory permissions. Access the appliance command line and run:
ls -ld /etc/NetworkManager/dispatcher.d
Expected Output:
The output must show drwxr-xr-x (755). If the output shows drwxrwxrwx (777), please contact support immediately.
drwxr-xr-x. 2 root root 4096 Dec 9 10:00 /etc/NetworkManager/dispatcher.d
CVE-2024-38541: Kernel ‘of_modalias’ Buffer Overflow
Relevant CVEs: CVE-2024-38541
Scanner Status: High / Medium
Appliance Status: Not Affected
Description
A buffer overflow vulnerability exists in the Linux kernel’s of_modalias() function. This function is part of the Device Tree (Open Firmware) subsystem, used primarily by embedded architectures (like ARM) to describe hardware components.
Why this is a False Positive
Swivel Secure appliances on x86_64 hardware utilize ACPI for hardware discovery, not Device Trees. The vulnerable subsystem is strictly controlled by the kernel configuration flag CONFIG_OF.
On this appliance, this feature is disabled at compile time. This means the vulnerable code is not present in the kernel binary and cannot be executed, rendering the appliance immune to this specific vulnerability.
Verification
You can prove the vulnerable subsystem is not present by checking the running kernel’s build configuration.
grep "CONFIG_OF" /boot/config-$(uname -r)
Expected Output
The command should return no output, or explicitly state that CONFIG_OF is not set, proving the “module” is not active.
# CONFIG_OF is not set
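Both verification steps on this page (the dispatcher directory permissions and the CONFIG_OF kernel option) can be scripted so the result is a pass/fail exit code rather than output to read by eye. The shell functions below are an added example, not Swivel Secure's own tooling: the function names and the optional path and UID arguments are assumptions, and `stat -c` assumes GNU coreutils as found on Oracle Linux.

```shell
#!/bin/sh
# Added example: scripted forms of the two manual checks on this page.
# Function names and optional arguments are illustrative assumptions.

# check_dispatcher_perms [DIR] [EXPECTED_UID]
# 0 = owned by EXPECTED_UID and not group/world writable, 1 = unsafe, 2 = missing.
check_dispatcher_perms() {
    cdp_dir="${1:-/etc/NetworkManager/dispatcher.d}"
    cdp_uid="${2:-0}"
    [ -d "$cdp_dir" ] || { echo "MISSING: $cdp_dir"; return 2; }
    cdp_mode=$(stat -c '%a' "$cdp_dir")    # octal mode, e.g. 755
    cdp_owner=$(stat -c '%u' "$cdp_dir")   # numeric owner UID
    if [ "$cdp_owner" != "$cdp_uid" ]; then
        echo "UNSAFE: $cdp_dir owned by UID $cdp_owner, expected $cdp_uid"
        return 1
    fi
    # 022 masks the group-write and other-write bits (set in 777, clear in 755).
    if [ $(( 0$cdp_mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $cdp_dir has mode $cdp_mode (group/world writable)"
        return 1
    fi
    echo "OK: $cdp_dir has mode $cdp_mode"
}

# check_config_of [CONFIG_FILE]
# 0 = CONFIG_OF not enabled, 1 = enabled, 2 = config file unreadable.
check_config_of() {
    cco_cfg="${1:-/boot/config-$(uname -r)}"
    [ -r "$cco_cfg" ] || { echo "UNREADABLE: $cco_cfg"; return 2; }
    # Anchored match: only the exact symbol CONFIG_OF counts, not symbols
    # that merely start with the same characters.
    if grep -Eq '^CONFIG_OF=[ym]$' "$cco_cfg"; then
        echo "ENABLED: CONFIG_OF is set in $cco_cfg"
        return 1
    fi
    echo "OK: CONFIG_OF is not set in $cco_cfg"
}
```

On the appliance, call both functions with no arguments to check the default paths; a non-zero return from either one corresponds to the "contact support" case described above.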