This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

Amazon Linux 2023 must restrict exposed kernel pointer addresses access.

STIG ID: AZLX-23-000210  |  SRG: SRG-OS-000132-GPOS-00067 |  Severity: medium (CAT II)  |  CCI: CCI-001082,CCI-002824 |  Vulnerability Id: V-274003

Vulnerability Discussion

Exposing kernel pointers (through procfs or "seq_printf()") reveals the location of kernel-writable structures, which may contain function pointers. If a write vulnerability in the kernel allows write access to any of these structures, the kernel can be compromised. This option prevents any program without the CAP_SYSLOG capability from obtaining the addresses of kernel pointers by replacing them with "0".

Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192

Check

Verify Amazon Linux 2023 restricts exposed kernel pointer addresses access by validating the runtime status of the Amazon Linux 2023 kernel.kptr_restrict kernel parameter with the following command:

$ sudo sysctl kernel.kptr_restrict
kernel.kptr_restrict = 1

If "kernel.kptr_restrict" is not set to "1" or is missing, this is a finding.

Fix

Configure Amazon Linux 2023 to restrict exposed kernel pointer addresses access.

Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:

kernel.kptr_restrict = 1

Reload settings from all system configuration files with the following command:

$ sudo sysctl --system
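One way to automate the Check above and to catch a later sysctl.d file silently undoing the Fix, as an added example that is not part of the STIG. It assumes a single sysctl.d-style directory and constructs its own sample files; the behaviour it mimics is how "sysctl --system" applies *.conf files (lexical filename order, last assignment wins, "#" and ";" start comments).

```sh
# Added example (not STIG text): audit kernel.kptr_restrict as the Check/Fix
# describe. Assumption: one sysctl.d-style directory, processed like
# `sysctl --system` (lexical order of *.conf, last assignment wins).

# Succeed only when a "sysctl kernel.kptr_restrict" output line reads exactly
# "kernel.kptr_restrict = 1"; any other value (including 2) is a finding.
check_runtime_line() {
    value=$(printf '%s\n' "$1" | sed -n \
        's/^[[:space:]]*kernel\.kptr_restrict[[:space:]]*=[[:space:]]*\([0-9]*\)[[:space:]]*$/\1/p')
    [ "$value" = "1" ]
}

# Print the value that would be in effect after `sysctl --system` for the
# given directory; print nothing when no file sets the parameter.
effective_persistent_value() {
    dir=$1
    last=""
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Skip comment lines (they never match the anchored key) and strip
        # trailing "#"/";" comments from the value.
        v=$(sed -n \
            's/^[[:space:]]*kernel\.kptr_restrict[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' \
            "$f" | tail -n 1)
        [ -n "$v" ] && last=$v
    done
    printf '%s\n' "$last"
}

# Constructed sample: a hardening file sets 1, but a later-sorted file resets
# it to 0, so the host still fails the Check although the required line exists.
demo_override() {
    d=$(mktemp -d)
    printf '# STIG AZLX-23-000210\nkernel.kptr_restrict = 1\n' > "$d/50-stig.conf"
    printf '; vendor defaults\nkernel.kptr_restrict=0   # vendor default\n' > "$d/99-vendor.conf"
    effective_persistent_value "$d"
    rm -rf "$d"
}

# Stand-alone run: report the result for the constructed sample.
if v=$(demo_override) && [ "$v" = "1" ]; then
    echo "PASS: persistent kernel.kptr_restrict = 1"
else
    echo "FINDING: effective persistent value is '${v:-unset}', expected 1"
fi
```

On a real host, feed the output of "sudo sysctl kernel.kptr_restrict" to check_runtime_line and point effective_persistent_value at /etc/sysctl.d to see both the runtime and the persistent state.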