Disable vsyscall emulation
An XCCDF Rule
Description
The kernel traps and emulates calls into the fixed vsyscall address mapping.
This configuration option exists from kernel 5.3 onward, but may also be present in older kernels where distributions have backported it.
The configuration used to build the running kernel is available at /boot/config-*.
To check the configuration value for CONFIG_LEGACY_VSYSCALL_EMULATE, run the following command:
grep CONFIG_LEGACY_VSYSCALL_EMULATE /boot/config-*
Options with value 'n' are not set explicitly in the file, so the command should return either a commented line or no line at all.
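As an added example (not part of the SSG rule content), a POSIX shell function that applies the check above to one or more config files and interprets the result the way the rule text describes: an uncommented assignment fails, while a commented "is not set" line or no matching line at all passes.

```shell
#!/bin/sh
# Added example, not part of the SSG rule: evaluate CONFIG_LEGACY_VSYSCALL_EMULATE
# in one or more kernel config files (normally /boot/config-*).
# Returns 0 when every file passes, 1 when any file has the option enabled.
# Usage: check_vsyscall_emulate_config /boot/config-*
check_vsyscall_emulate_config() {
    status=0
    for cfg in "$@"; do
        if [ ! -f "$cfg" ]; then
            echo "SKIP: $cfg is not a regular file" >&2
            continue
        fi
        # Only an uncommented assignment means the option was built in.
        set_line=$(grep -E '^CONFIG_LEGACY_VSYSCALL_EMULATE=' "$cfg" || true)
        if [ -n "$set_line" ]; then
            echo "FAIL: $cfg: $set_line"
            status=1
        elif grep -q '^# CONFIG_LEGACY_VSYSCALL_EMULATE is not set' "$cfg"; then
            # Kconfig writes value 'n' as a commented "is not set" line.
            echo "PASS: $cfg: explicitly not set"
        else
            # No line at all also means 'n', as the rule text states.
            echo "PASS: $cfg: no CONFIG_LEGACY_VSYSCALL_EMULATE line (value n)"
        fi
    done
    return "$status"
}
```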
Warning: There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.
Rationale
The mapping is non-executable, but it still contains known contents, which could be used in certain rare security vulnerability exploits.
- ID
- xccdf_org.ssgproject.content_rule_kernel_config_legacy_vsyscall_emulate
- Severity
- Medium