
Risks of leaving older kernels installed

Are you concerned when security software flags older kernels as security threats because of known bugs and vulnerabilities? Does leaving those outdated kernels installed on a server open a door for malicious attacks?

After a server upgrade or a Linux kernel update, leaving old kernels installed is unlikely to expose the Linux system to attack. The only risk is that the server admin boots the outdated kernel with the known vulnerability rather than the patched kernel. Doing so will generally require console access, physical access, and the root password. This security issue can be mitigated by password-protecting the GRUB bootloader.

It is in the system administrator’s best interest to keep at least one older kernel on the Linux server in case an error occurs with the currently running kernel. It is best to define a policy for how many old kernels are kept on the server, to protect against kernel panics and other boot errors.

If the kernel has a high-risk security vulnerability, it would be best to remove the specific kernel while leaving older kernels that are not significantly impacted by security bugs. 
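The retention policy and the targeted removal described in the last two paragraphs can be expressed as one small planning step. The script below is an added example, not part of the original article; the function name `plan_kernel_removal`, its arguments and the sample version strings are assumptions, and it relies on GNU `sort -V`.

```shell
#!/usr/bin/env bash
# Added example: decide which installed kernels to remove under a retention policy.
# Names and sample data are hypothetical; nothing is uninstalled, the function only prints a plan.

# usage: plan_kernel_removal RUNNING KEEP "FLAGGED ..." < installed-versions
#   RUNNING  version currently booted (normally the output of `uname -r`)
#   KEEP     number of older kernels to retain as boot fallbacks
#   FLAGGED  space-separated versions with a high-risk vulnerability
# Prints, newest first, one version per line that the policy says to remove.
plan_kernel_removal() {
    local running="$1" keep="$2" flagged=" $3 " kept=0 v
    # Newest first, so the retention count is spent on the most recent fallbacks.
    sort -rV | while read -r v; do
        [ -n "$v" ] || continue
        if [ "$v" = "$running" ]; then
            # Never remove the running kernel. If it is itself flagged,
            # boot a patched kernel first and then re-run the plan.
            continue
        fi
        case "$flagged" in
            *" $v "*)
                echo "$v"            # known high-risk kernel: remove regardless of age
                continue
                ;;
        esac
        if [ "$kept" -lt "$keep" ]; then
            kept=$((kept + 1))       # retained as a fallback for kernel panics and boot errors
        else
            echo "$v"                # older than the retention policy allows
        fi
    done
}

# Constructed sample: five installed kernels, the newest one running,
# one older kernel flagged by a scanner, policy keeps two fallbacks.
printf '%s\n' 6.1.10-1 6.1.20-1 6.1.30-1 6.1.40-1 6.1.50-1 |
    plan_kernel_removal 6.1.50-1 2 "6.1.40-1"
```

The flagged kernel does not count against the retention number, so the server still ends up with two unflagged fallbacks after the vulnerable one is removed.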

Properly managing installed kernel packages is critical to a resilient Linux-based server. It should be noted that older kernel packages are not removed by default during a Linux server update. Some older kernels have known bugs and are susceptible to critical security vulnerabilities.
