UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.


Overview

Finding ID Version Rule ID IA Controls Severity
V-257809 RHEL-09-213070 SV-257809r958928_rule Medium
Description
Address space layout randomization (ASLR) makes it more difficult for an attacker to predict the location of attack code they have introduced into a process' address space during an attempt at exploitation. Additionally, ASLR makes it more difficult for an attacker to know the location of existing code in order to repurpose it using return oriented programming (ROP) techniques. Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61550r942974_chk )
Verify RHEL 9 is implementing ASLR with the following command:

$ sudo sysctl kernel.randomize_va_space

kernel.randomize_va_space = 2

Check that the configuration files are present to enable this kernel parameter.
Verify the configuration of the kernel.kptr_restrict kernel parameter with the following command:

$ sudo /usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F kernel.randomize_va_space | tail -1

kernel.randomize_va_space = 2

If "kernel.randomize_va_space" is not set to "2" or is missing, this is a finding.
Fix Text (F-61474r925413_fix)
Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:

kernel.randomize_va_space = 2

Reload settings from all system configuration files with the following command:

$ sudo sysctl --system