CME-101

ASLR (Address Space Layout Randomization)

Harden OS/Kernel High Confidence

Description

Randomizes memory layout of processes, making memory corruption exploits significantly harder by requiring the attacker to guess or leak addresses.

CVSS Vector Impacts

Metric Transition Rationale
Attack Complexity (AC) L H Attacker must defeat randomization via info leak or brute force

CWE Relationships

CWE-119 CWE-120 CWE-122 CWE-787 CWE-125 CWE-416 CWE-415

Verification

Check kernel randomize_va_space sysctl is set to 2 (full randomization)

$ cat /proc/sys/kernel/randomize_va_space
# Expected: 2
Platform: linux
$ sysctl kernel.randomize_va_space
# Expected: kernel.randomize_va_space = 2
Platform: linux

References

  • Red Hat Security Hardening Guide — Protecting against memory-based attacks
  • CIS RHEL 9 Benchmark — 1.5.2 Ensure address space layout randomization (ASLR) is enabled
CME-102: NX/XD Bit (Non-Executable Memory) →