← Rules Catalog
lowkernelverified rollback-safe

Disable cramfs kernel module

kmod-disable-cramfs · RHEL ≥ 8 · 1 impl

Description

The cramfs filesystem is a read-only compressed filesystem. It is rarely needed on production systems and provides an unnecessary attack surface for kernel-level exploits.

Rationale

Removing support for unnecessary filesystems reduces the kernel attack surface. A vulnerability in an unused filesystem module could be exploited if the module is loadable.

Check → Remediate

Checkkernel_module_state
name:
cramfs
state:
blacklisted
Remediatekernel_module_disable
name:
cramfs

Framework references

CIS

rhel8 1.1.1.1rhel9 1.1.1.1rhel10 1.1.1.1

STIG

V-230498V-257880 / RHEL-09-231195

NIST 800-53

CM-7

Live verification

rhel10:checkrhel8:checkrhel9:check
#kernel-module#filesystem#attack-surface