There is a mistake in the oval file provided here.(https://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml) The definition of 'RHSA-2017:0372' does not provide a 'criterion' to check whether the kernel is compiled with target aarch64 or not. Actually, the 'test criterion' (oval:com.redhat.rhsa:tst:20170372013) will always return true on RHEL7 of any other architecture. So, it will make many tools fail at this... -------------------------------------------------------------------------- wrong lines pasted below -------------------------------------------------------------------------- <criteria operator="AND"> <criteria operator="OR"> <criterion comment="Red Hat Enterprise Linux 7 Client is installed" test_ref="oval:com.redhat.rhsa:tst:20140675001"/> <criterion comment="Red Hat Enterprise Linux 7 Server is installed" test_ref="oval:com.redhat.rhsa:tst:20140675002"/> <criterion comment="Red Hat Enterprise Linux 7 Workstation is installed" test_ref="oval:com.redhat.rhsa:tst:20140675003"/> <criterion comment="Red Hat Enterprise Linux 7 ComputeNode is installed" test_ref="oval:com.redhat.rhsa:tst:20140675004"/> </criteria> <criteria operator="OR"> <criteria operator="AND"> <criterion comment="kernel is earlier than 0:4.5.0-15.2.1.el7" test_ref="oval:com.redhat.rhsa:tst:20170372013"/> <criterion comment="kernel is signed with Red Hat redhatrelease2 key" ...... ...... --------------------------------------------------------------------------
Thanks for reporting this bug. We are working towards fixing this and regenerating the OVAL feeds with the criterion added.