Skip to main content
Sample Patch Truth Report

Disk says patched. Running code may disagree.

A one-host report showing vulnerable packages, fixed versions, running-code evidence, and the next action: update, restart, reboot, review, or no action.

See the disk vs running-code evidence
Anonymized sample data. Read-only · short-lived · exits after upload.
verdict · sample-rhel-hostAction needed
On disk
openssl-libs
3.0.7-28.el9_4
Package upgraded — reported "patched"
In memory
nginx · postgres
still map 3.0.7-25
Old libssl mapped & deleted — restart pending
6 findings are patched on disk but still running vulnerable code.
01Executive summary

The top of a real report.

Everything a reader needs before the detail: one host, what it runs, and how much of its "patched" state is actually live.

sample-rhel-hostAnonymized sample dataAction needed
hostsample-rhel-hostdistroRocky Linux 9.4kernel (running)5.14.0-427.el9scannedJul 2, 2026 · 09:14 UTCmoderead-only · one host
74
vulnerable package findings
47
critical / high severity
6
disk vs running-code deltas
3
reboot or restart likely required
02The core differentiator

Installed on disk vs actually running.

This is where most scanners stop. A fix being installed is not the same as the fix being live — long-running services keep mapping the old code until they restart.

Each row compares the package version on disk against the code still loaded in memory, with the process-level evidence and the exact next action. Rows highlighted below are running-code deltas.

Package update requiredRunning-code deltaRestart requiredReboot likelyCleanNeeds review
PackageInstalled on diskFixed versionRunning-code evidenceStatusAction
openssl-libs1:3.0.7-28.el9_41:3.0.7-28.el9_4
nginx (pid 1182), postgres (pid 1547) still map libssl.so.3 @ 3.0.7-25 (deleted)
Running-code deltaRestart nginx, postgres
kernel5.14.0-503.el95.14.0-503.el9
Fixed kernel installed, but running kernel is still 5.14.0-427.el9
Reboot likelyReboot host
glibc2.34-100.el9_42.34-100.el9_4
41 processes still map ld-linux-x86-64.so.2 @ 2.34-83 (deleted)
Restart requiredRestart affected services
expat2.5.0-2.el92.5.0-3.el9_4
Loaded by libxml2 in running services — fix not yet on disk
Package update requiredUpdate expat, then restart
libxml22.9.13-6.el92.9.13-6.el9_4
Linked into long-running services — reachability needs confirmation
Needs reviewReview + restart
curl7.76.1-31.el97.76.1-31.el9
Reloaded after update · no stale maps found
CleanNo action
openssl-libsRunning-code delta
On disk1:3.0.7-28.el9_4
Fixed version1:3.0.7-28.el9_4
nginx (pid 1182) + postgres (pid 1547) still map libssl.so.3 @ 3.0.7-25 (deleted)
Restart nginx, postgres
kernelReboot likely
On disk5.14.0-503.el9
Fixed version5.14.0-503.el9
Fixed kernel installed, but running kernel is still 5.14.0-427.el9
Reboot host
glibcRestart required
On disk2.34-100.el9_4
Fixed version2.34-100.el9_4
41 processes still map ld-linux-x86-64.so.2 @ 2.34-83 (deleted)
Restart affected services
expatPackage update required
On disk2.5.0-2.el9
Fixed version2.5.0-3.el9_4
Loaded by libxml2 in running services — fix not yet on disk
Update expat, then restart
libxml2Needs review
On disk2.9.13-6.el9
Fixed version2.9.13-6.el9_4
Linked into long-running services — reachability needs confirmation
Review + restart
curlClean
On disk7.76.1-31.el9
Fixed version7.76.1-31.el9
Reloaded after update · no stale maps found
No action
03Findings

Each finding carries its remediation.

Not a raw CVE dump. Every row ties a vulnerability to the package version present, the vendor fix, the affected service, and the exact next step.

CVESeverityPackageInstalled → fixedAffected serviceRecommended action
CVE-2024-1086KEVCriticalkernel5.14.0-427.el95.14.0-503.el9running kernelReboot host
CVE-2022-3602Highopenssl-libs3.0.7-25 (mapped)3.0.7-28.el9_4nginx, postgresRestart services
CVE-2023-0286Highopenssl-libs3.0.7-25 (mapped)3.0.7-28.el9_4nginxRestart nginx
CVE-2024-2961Highglibc2.34-83 (mapped)2.34-100.el9_441 processesRestart services
CVE-2023-44487Mediumnginx1.20.1-14.el91.20.1-16.el9_4nginxUpdate + restart
CVE-2024-25062Mediumlibxml22.9.13-6.el92.9.13-6.el9_4Manual review
CVE-2023-38545Highcurl7.76.1-29.el97.76.1-31.el9Verified fixed
Showing 7 of 74 findings from this sample host. CVE IDs link to the NVD record.
CVE-2024-1086KEVCritical
Packagekernel
Fix5.14.0-427.el95.14.0-503.el9
Servicerunning kernel
ActionReboot host
Packageopenssl-libs
Fix3.0.7-25 (mapped)3.0.7-28.el9_4
Servicenginx, postgres
ActionRestart services
Packageopenssl-libs
Fix3.0.7-25 (mapped)3.0.7-28.el9_4
Servicenginx
ActionRestart nginx
Packageglibc
Fix2.34-83 (mapped)2.34-100.el9_4
Service41 processes
ActionRestart services
Packagenginx
Fix1.20.1-14.el91.20.1-16.el9_4
Servicenginx
ActionUpdate + restart
Packagelibxml2
Fix2.9.13-6.el92.9.13-6.el9_4
Service
ActionManual review
Packagecurl
Fix7.76.1-29.el97.76.1-31.el9
Service
ActionVerified fixed
04Compliance & MSSP evidence

Evidence a client, manager, or auditor can actually use.

Forwardable proof, not sales copy. Every question a reviewer asks about a host is answered on one page.

One artifact, six answers. Forward it as-is — no login required to read.ClientManagerAuditor
What was scanned
486 packages, the running kernel, listening services and the memory maps of every long-running process on sample-rhel-host.
When it was scanned
Jul 2, 2026 · 09:14 UTC. A single read-only snapshot — no agent left behind, process exits after upload.
What versions were present
The exact installed EVR for every package, recorded from disk — not inferred from a banner or an SBOM.
Which fixes were available
Vendor-fixed EVR matched against Rocky & RHEL security advisories for each affected package.
Was vulnerable code still running
6 running-code deltas confirmed by mapped & deleted library objects — patched on disk, still executing old code.
What action was recommended
Per finding: update, restart, reboot, review, or none — a next operational step, not just a CVE list.
05Remediation summary

Grouped by the next operational step.

The report doesn't just say "you have CVEs." It sorts every finding into the action that clears it — so the next move is obvious.

9
Update packages
expatlibxml2nginx+6 more
Vendor fix not yet on disk.
3
Restart services
nginxpostgres41 procs (glibc)
Fix on disk, old code still mapped.
1
Reboot host
kernel 5.14.0-503
Fixed kernel installed, not booted.
58
No action
curlopenssh+56 verified
Patched and confirmed live.
3
Manual review
libxml2expatkrb5-libs
Reachability needs confirmation.

Run a one-host snapshot

Generate your own report from one supported Linux host. Read-only, short-lived, exits after upload — no agent installed.

Book a guided demo

See oxharden on fleet data, then talk through how the report maps to your Linux environment, clients, or compliance workflow.