← Rules Catalog
mediumkernelverified

Verify kernel non-executable memory protection is active

kernel-nx-enabled · RHEL ≥ 8 · 1 impl

Description

The operating system must verify the kernel non-executable (NX) memory protection mechanism is active. NX prevents execution of code in non-executable memory regions, mitigating stack and heap-based exploits.

Rationale

Non-executable memory protection prevents attackers from executing shellcode placed in data segments such as the stack or heap. Without NX enabled, buffer overflow attacks can execute arbitrary code more easily.

Check → Remediate

Checkcommand
dmesg 2>/dev/null | grep -i ' NX' | grep -i 'protection: active' | head -1
expected_stdout:
protection: active
Remediatemanual
note:
NX protection is a hardware feature. Ensure the system BIOS/UEFI has Execute Disable (XD/NX) enabled. Verify the kernel is not booted with the 'noexec=off' parameter. Check: dmesg | grep -i 'NX (Execute Disable)'

Framework references

STIG

V-281293 / RHEL-10-700900V-257817 / RHEL-09-213110V-230276

NIST 800-53

CM-6SI-16

Live verification

rhel8:check
#kernel#nx#memory-protection#security