RHEL 10 must clear the page allocator to prevent use-after-free attacks.

STIG ID: RHEL-10-701000  |  SRG: SRG-OS-000134-GPOS-00068 |  Severity: medium (CAT II)  |  CCI: CCI-001084 |  Vulnerability Id: V-281302

Vulnerability Discussion

Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. It also prevents data leakage and detection of corrupted memory.

Check

Verify RHEL 10 is configured so that the current GRUB 2 configuration enables page poisoning to mitigate use-after-free vulnerabilities.

Check that the current GRUB 2 configuration has page poisoning enabled with the following command:

$ sudo grubby --info=ALL | grep args | grep -v 'page_poison=1'

If any output is returned, this is a finding.

Check that page poisoning is enabled by default to persist in kernel updates with the following command:

$ sudo grep page_poison /etc/default/grub
GRUB_CMDLINE_LINUX="page_poison=1"

If "page_poison" is not set to "1", is missing or commented out, this is a finding.

Fix

Configure RHEL 10 to enable page poisoning with the following commands:

$ sudo grubby --update-kernel=ALL --args="page_poison=1"
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.