AlmaLinux OS 9 must restrict exposed kernel pointer addresses access.
An XCCDF Rule
Description
Exposing kernel pointers (through procfs or "seq_printf()") exposes kernel writeable structures, which may contain function pointers. If a write vulnerability occurs in the kernel, allowing write access to any of these structures, the kernel can be compromised. This option prevents any program without the CAP_SYSLOG capability from getting the addresses of kernel pointers by replacing them with "0".
- ID: SV-269423r1050306_rule
- Version: ALMA-09-040830
- Severity: Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure AlmaLinux OS 9 to restrict exposed kernel pointer addresses access with the following command:
$ echo "kernel.kptr_restrict = 1" > /etc/sysctl.d/60-kptr.conf
Load settings from all system configuration files with the following command:
$ sysctl --system
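To confirm that the setting took effect and is not undone elsewhere, the following added example (not part of the STIG text) reads the runtime value and flags any sysctl file that assigns kernel.kptr_restrict a value other than 1, since a file loaded later would override the drop-in. The function names and the ROOT argument are hypothetical, and only a subset of the directories read by sysctl --system is scanned.

```shell
#!/bin/sh
# Added example: audit kernel.kptr_restrict in config files and at runtime.
# ROOT ("" = live system) is a hypothetical argument that allows offline testing.

# Print "file:value" for each active kernel.kptr_restrict assignment under ROOT.
kptr_assignments() {
    root="$1"
    for f in "$root"/etc/sysctl.conf "$root"/etc/sysctl.d/*.conf \
             "$root"/run/sysctl.d/*.conf "$root"/usr/lib/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        # Comment lines (# or ;) never match; a leading "-" on the key is allowed.
        sed -n -E 's|^[[:space:]]*-?kernel[./]kptr_restrict[[:space:]]*=[[:space:]]*([^[:space:]]*)[[:space:]]*$|\1|p' "$f" |
            while IFS= read -r v; do printf '%s:%s\n' "$f" "$v"; done
    done
}

# Succeed only if some file sets the value to 1 and no file sets anything else.
kptr_config_ok() {
    out=$(kptr_assignments "$1")
    [ -n "$out" ] && ! printf '%s\n' "$out" | grep -qv ':1$'
}

# Succeed only if the running kernel reports the value 1.
kptr_runtime_ok() {
    [ "$(cat "$1/proc/sys/kernel/kptr_restrict" 2>/dev/null)" = "1" ]
}

# Constructed sample tree: the drop-in from this rule, then a conflicting file.
demo=$(mktemp -d)
mkdir -p "$demo/etc/sysctl.d" "$demo/proc/sys/kernel"
echo "kernel.kptr_restrict = 1" > "$demo/etc/sysctl.d/60-kptr.conf"
echo 1 > "$demo/proc/sys/kernel/kptr_restrict"
kptr_config_ok "$demo" && kptr_runtime_ok "$demo" && echo "compliant"
echo "kernel.kptr_restrict=0" > "$demo/etc/sysctl.d/99-debug.conf"  # constructed conflict
kptr_assignments "$demo"
kptr_config_ok "$demo" || echo "conflicting assignment found"
```

On a live host, call the functions with an empty ROOT, for example kptr_config_ok "" and kptr_runtime_ok "".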