Skip to content

Red Hat Enterprise Linux CoreOS (RHCOS) must implement nonexecutable data to protect its memory from unauthorized code execution.

An XCCDF Rule

Description

<VulnDiscussion>The NX bit is a hardware feature that prevents the execution of code from data memory regions. By enabling NX bit execute protection, OpenShift ensures that malicious code or exploits cannot execute from areas of memory that are intended for data storage. This helps protect against various types of buffer overflow attacks, where an attacker attempts to inject and execute malicious code in data memory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-257568r921647_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

The NX bit execute protection must be enabled in the system BIOS. The nodes must be reinstalled. Follow the steps found here for more information:
https://access.redhat.com/solutions/2936741