
Disable vsyscall emulate execution only

An XCCDF Rule

Description

The kernel traps and emulates calls into the fixed vsyscall address mapping and does not allow reads. This configuration is available from kernel 5.3.

The configuration that was used to build the kernel is available at /boot/config-*. To check the configuration value for CONFIG_LEGACY_VSYSCALL_XONLY, run the following command:

    grep CONFIG_LEGACY_VSYSCALL_XONLY /boot/config-*

Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.
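The check described above, scripted so that it can be run against any kernel build config and reports a pass only when CONFIG_LEGACY_VSYSCALL_XONLY is absent or commented out, i.e. the 'n' state the rule expects. This is an added example, not part of the SCAP Security Guide rule content; the helper names kconfig_value and check_vsyscall_xonly and the two sample config files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the SCAP Security Guide). Evaluates whether a
# kernel build config satisfies this rule: CONFIG_LEGACY_VSYSCALL_XONLY
# must not be enabled.

# Print the effective state of a CONFIG_ option in a kernel config file:
# the assigned value ("y", "m", a string) for an explicit assignment,
# "not-set" for a "# CONFIG_X is not set" line, or "absent" when the file
# does not mention the option at all. The last assignment wins.
kconfig_value() {
    cfg="$1"
    opt="$2"
    val=$(sed -n "s/^$opt=\(.*\)$/\1/p" "$cfg" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    elif grep -q "^# $opt is not set" "$cfg"; then
        echo not-set
    else
        echo absent
    fi
}

# Return 0 (pass) when CONFIG_LEGACY_VSYSCALL_XONLY is not enabled in the
# given config file, 1 (fail) when it is set to y.
check_vsyscall_xonly() {
    case "$(kconfig_value "$1" CONFIG_LEGACY_VSYSCALL_XONLY)" in
        y) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample configs (not real kernel configs) to exercise the check:
# one with the execute-only emulation enabled (fails the rule) and one where
# the option is commented out (passes).
tmp=$(mktemp -d)
cat > "$tmp/config-xonly" <<'EOF'
CONFIG_X86_64=y
# CONFIG_LEGACY_VSYSCALL_NONE is not set
CONFIG_LEGACY_VSYSCALL_XONLY=y
EOF
cat > "$tmp/config-none" <<'EOF'
CONFIG_X86_64=y
CONFIG_LEGACY_VSYSCALL_NONE=y
# CONFIG_LEGACY_VSYSCALL_XONLY is not set
EOF

for f in "$tmp"/config-*; do
    if check_vsyscall_xonly "$f"; then
        echo "PASS $f"
    else
        echo "FAIL $f: CONFIG_LEGACY_VSYSCALL_XONLY is enabled"
    fi
done

# To evaluate the config of the running kernel instead of the samples:
#   check_vsyscall_xonly "/boot/config-$(uname -r)"
```

The check is deliberately stricter than a plain grep: a config that sets the option to y on a later line after an earlier "is not set" comment is still reported as failing, which matches how the kernel build itself resolves the option.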

Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

Disabling this mitigates certain uses of the vsyscall area as an ASLR-bypassing buffer.

ID
xccdf_org.ssgproject.content_rule_kernel_config_legacy_vsyscall_xonly
Severity
Medium