I have a kernel version 2.6.32-279. In order to fix the stack clash vulnerability(CVE-2017-1000364), I have back ported patch from kernel-2.6.32-696 to 2.6.32-279. Also the glibc package was upgraded to 2.12-1.209.el6.1_1alcy.i686.rpm. When qualys guard vulnerability scan was done it reports CVE-2017-100364 is not solved and vulnerability exists.
From the linkHow does vulnerability scanning work? , I read "The scanner first tries to check the version of the service in order to detect only vulnerabilities applicable to this specific service version. Every vulnerability detection is non-intrusive, meaning that the scanner never exploits a vulnerability if it could negatively affect the host in any way."
Does it mean if the until I upgrade to kernel version where vulnerability is officially fixed, qualys guard will continue to report this vulnerability exists?
Any suggestions/clarifications to resolve this will be appreciated.