Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Enterprise Linux 9
System Settings
Kernel Configuration
Disallow merge of slab caches
Disallow merge of slab caches
An XCCDF Rule
Details
Profiles
Prose
Disallow merge of slab caches
Medium Severity
For reduced kernel memory fragmentation, slab caches can be merged when they share the same size and other characteristics. This carries a risk of kernel heap overflows being able to overwrite objects from merged caches (and more easily control cache layout), which makes such heap attacks easier to exploit by attackers. This configuration is available from kernel 4.13. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_SLAB_MERGE_DEFAULT
, run the following command:
grep CONFIG_SLAB_MERGE_DEFAULT /boot/config-*
Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.