Detections
Analytics

1.79 OL08-00-010424

Information

OL 8 must not let Meltdown and Spectre exploit critical vulnerabilities in modern processors.

GROUP ID: V-248593
RULE ID: SV-248593r1069159

Hardware vulnerabilities allow programs to steal data that is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser; personal photos, emails, and instant messages; and business-critical documents.

Solution

Determine the default kernel:

$ sudo grubby --default-kernel

/boot/vmlinuz-5.4.17-2011.1.2.el8uek.x86_64

Using the default kernel, remove the argument that sets the Meltdown mitigations to "off":

$ sudo grubby --update-kernel=<path-to-default-kernel> --remove-args=mitigations=off

Reboot the system for the change to take effect.

See Also

https://workbench.cisecurity.org/benchmarks/23791

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-248593r1069159_rule, STIG-ID|OL08-00-010424, Vuln-ID|V-248593

Plugin: Unix

Control ID: dc73af84836572221c7b6784626e4c935eb0fa306db7cd23d182a0f6712a28dc