OL 8 must not let Meltdown and Spectre exploit critical vulnerabilities in modern processors.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-248593	OL08-00-010424	SV-248593r779345_rule		Medium

Description
Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents.

Description

Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents.

STIG	Date
Oracle Linux 8 Security Technical Implementation Guide	2021-07-21

Details

Check Text ( C-52027r779343_chk )
Determine the default kernel: $ sudo grubby --default-kernel /boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64 Using the default kernel, verify that Meltdown mitigations are not disabled: $ sudo grubby --info= \| grep mitigation If the mitigation parameter is set to "off" this is a finding.

Fix Text (F-51981r779344_fix)
Determine the default kernel: $ sudo grubby --default-kernel /boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64 Using the default kernel, remove the Meltdown mitigations: $ sudo grubby --update-kernel= --remove-args=mitigation=off Reboot the system for the change to take effect.