Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Enterprise Linux 9
System Settings
Kernel Configuration
Harden memory copies between kernel and userspace
Harden memory copies between kernel and userspace
An XCCDF Rule
Details
Profiles
Prose
Harden memory copies between kernel and userspace
High Severity
This option checks for obviously wrong memory regions when copying memory to/from the kernel (via copy_to_user() and copy_from_user() functions) by rejecting memory ranges that are larger than the specified heap object, span multiple separately allocated pages, are not on the process stack, or are part of the kernel text. This configuration is available from kernel 4.8, and may be available if backported by distros. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_HARDENED_USERCOPY
, run the following command:
grep CONFIG_HARDENED_USERCOPY /boot/config-*
For each kernel installed, a line with value "y" should be returned.