CME-102

NX/XD Bit (Non-Executable Memory)

Harden OS/Kernel High Confidence

Description

Hardware-enforced memory page permissions that prevent execution of code in data regions (stack, heap), blocking classic code injection.

CVSS Vector Impacts

Metric Transition Rationale
Attack Complexity (AC) L H Attacker must use ROP/JOP instead of direct shellcode injection

CWE Relationships

CWE-94 CWE-119 CWE-416

Verification

Check CPU supports NX bit and kernel has it enabled

$ grep -q nx /proc/cpuinfo && echo 'NX enabled'
# Expected: NX enabled
Platform: linux
$ dmesg | grep -i 'NX.*protection'
# Expected: NX (Execute Disable) protection: active
Platform: linux
← CME-101: ASLR (Address Space Layout Randomization) CME-103: Stack Canaries (Stack Protector) →