CME-1101

Automated Patch Management (dnf-automatic)

Description

Automatically downloads and applies security updates on a schedule. This reduces the window between vulnerability disclosure and patch application from days or weeks to hours.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | Temporal: vulnerability window shortened; exploits against patched code fail

Verification

Verify automatic updates are enabled

$ systemctl is-active dnf-automatic-install.timer
# Expected: active
Platform: rhel
$ grep apply_updates /etc/dnf/automatic.conf
# Expected: apply_updates = yes
Platform: rhel
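
The grep above also matches a commented-out line or the same key placed under another section. The following is an added example, not part of the original entry, that reads the value from the `[commands]` section only and also reports `upgrade_type`, the dnf-automatic option that limits upgrades to security updates. The helper names `ini_get` and `apply_updates_enabled` and the sample file are constructed for illustration.

```shell
# Added example: section-aware check of dnf-automatic's apply_updates setting.
# ini_get FILE SECTION KEY: print KEY's value inside [SECTION]; last one wins.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # ignore comment lines
        /^[ \t]*\[/   { s = $0; gsub(/[ \t]/, "", s); insec = (s == want); next }
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)           # trim key
            gsub(/^[ \t]+|[ \t]+$/, "", v)           # trim value
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Return 0 if apply_updates is enabled, 1 if not, 2 if the file is unreadable.
apply_updates_enabled() {
    conf=${1:-/etc/dnf/automatic.conf}
    [ -r "$conf" ] || return 2
    v=$(ini_get "$conf" commands apply_updates | tr '[:upper:]' '[:lower:]')
    case "$v" in
        yes|true|1|on) return 0 ;;   # true spellings dnf accepts for booleans
        *) return 1 ;;
    esac
}

# Constructed sample: a plain grep for "apply_updates = yes" matches the comment
# and the misplaced [emitters] line, although updates are not applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
upgrade_type = security
# apply_updates = yes
apply_updates = no
[emitters]
apply_updates = yes
EOF
if apply_updates_enabled "$sample"; then echo "apply_updates: enabled"
else echo "apply_updates: NOT enabled"; fi
echo "upgrade_type: $(ini_get "$sample" commands upgrade_type)"
rm -f "$sample"
```

On a real host, call `apply_updates_enabled` with no argument to check `/etc/dnf/automatic.conf`.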
