This is not a direct way to know which CVEs are patched in your instance, but you can go through the steps below to check:
- Use Amazon Inspector to identify the CVE issues in your instance. There is a new Amazon Inspector that is faster in identifying these, but personally I still currently prefer the Amazon Inspector Classic as I know how to specify which particular EC2 instance I want to include in the security assessment (by using Tags).
- Once Amazon Inspector is done with the assessment, check the CVE findings in your instance.
- Compare the CVE findings of your instance against the CVE rules package included in Amazon Inspector. [Note: The rules package in the link is for Amazon Inspector Classic.]