Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4
Enable Execute Disable (XD) or No Execute (NX) Support on x86 Systems
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, this ability is called No Execute (NX), while on Intel processors it is called Execute Disable (XD). This ability can help prevent exploitation of buffer overflow vulnerabilities and should be activated whenever possible. Extra steps must be taken to ensure that this protection is enabled, particularly on 32-bit x86 systems. Other processors, such as Itanium and POWER, have included such support since inception and the standard kernel for those platforms supports the feature. This is enabled by default on the latest Oracle Linux, Red Hat and Fedora systems if supported by the hardware.
Enable NX or XD Support in the BIOS
Medium Severity
Reboot the system and enter the BIOS or Setup configuration menu. Navigate the BIOS configuration menu and make sure that the option is enabled. The setting may be located under a Security section. Look for Execute Disable (XD) on Intel-based systems and No Execute (NX) on AMD-based systems.
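After the BIOS setting is changed, the result can be checked from the running system. The following is an added example, not part of the guide: the function names are hypothetical, and it assumes the Linux conventions that `/proc/cpuinfo` lists `nx` among each processor's flags and that the x86 kernel logs a line containing `NX (Execute Disable) protection: active` at boot.

```shell
#!/bin/sh
# Added example: audit NX/XD state from cpuinfo-format and kernel-log text.

# nx_cpu_status FILE -> "enabled" if every CPU's flags line lists nx,
# "disabled" if any CPU lacks it, "unknown" if no flags line is present.
nx_cpu_status() {
    awk '
        /^flags[ \t]*:/ {
            cpus++
            line = $0
            sub(/^flags[ \t]*:[ \t]*/, "", line)
            n = split(line, f, /[ \t]+/)
            found = 0
            # Compare whole tokens so a flag such as "nxt" does not match.
            for (i = 1; i <= n; i++) if (f[i] == "nx") found = 1
            if (!found) missing++
        }
        END {
            if (cpus == 0) print "unknown"
            else if (missing > 0) print "disabled"
            else print "enabled"
        }
    ' "$1"
}

# nx_kernel_status FILE -> "active" if the kernel log reports NX protection
# as active, "inactive" if it mentions NX protection without "active",
# "unknown" if the log has no NX line (for example, a rotated ring buffer).
nx_kernel_status() {
    if grep -Fq 'NX (Execute Disable) protection: active' "$1"; then
        echo active
    elif grep -Fq 'NX (Execute Disable) protection' "$1"; then
        echo inactive
    else
        echo unknown
    fi
}

# Constructed sample input: one CPU entry with nx, one without.
nx_sample_cpuinfo() {
    printf 'processor\t: 0\nflags\t\t: fpu pae nx lm\n\n'
    printf 'processor\t: 1\nflags\t\t: fpu pae lm\n'
}

# Live usage on a Linux host:
#   nx_cpu_status /proc/cpuinfo
#   dmesg > /tmp/kmsg.txt && nx_kernel_status /tmp/kmsg.txt
```

Treat "unknown" as a finding to investigate rather than a pass, since the kernel boot messages may no longer be in the log buffer on a long-running host.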