Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-248593 | OL08-00-010424 | SV-248593r991589_rule | Medium |
Description |
---|
Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents. |
STIG | Date |
---|---|
Oracle Linux 8 Security Technical Implementation Guide | 2024-06-04 |
Check Text ( C-52027r951560_chk ) |
---|
Determine the default kernel: $ sudo grubby --default-kernel /boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64 Using the default kernel, verify that Meltdown mitigations are not disabled: $ sudo grubby --info= If the "mitigations" parameter is set to "off", this is a finding. |
Fix Text (F-51981r951561_fix) |
---|
Determine the default kernel: $ sudo grubby --default-kernel /boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64 Using the default kernel, remove the argument that sets the Meltdown mitigations to "off": $ sudo grubby --update-kernel= Reboot the system for the change to take effect. |