OL 8 must not let Meltdown and Spectre exploit critical vulnerabilities in modern processors.

An XCCDF Rule

Description

Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents.

ID: SV-248593r991589_rule
Version: OL08-00-010424
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Determine the default kernel:  
 
$ sudo grubby --default-kernel 
 
/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64 
Using the default kernel, remove the argument that sets the Meltdown mitigations to "off": 
 
$ sudo grubby --update-kernel=<path-to-default-kernel>  --remove-args=mitigations=off 
 
Reboot the system for the change to take effect.

OL 8 must not let Meltdown and Spectre exploit critical vulnerabilities in modern processors.

Description

Remediation Templates

A Manual Procedure