OL 8 must not let Meltdown and Spectre exploit critical vulnerabilities in modern processors.

An XCCDF Rule

Description

<VulnDiscussion>Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-248593r779345_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Determine the default kernel:  
 
$ sudo grubby --default-kernel 
 
/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64 
 Using the default kernel, remove the Meltdown mitigations: 
 
$ sudo grubby --update-kernel=<path-to-default-kernel>  --remove-args=mitigation=off 
 
Reboot the system for the change to take effect.

OL 8 must not let Meltdown and Spectre exploit critical vulnerabilities in modern processors.

Description

Remediation - Manual Procedure