CME-103

Stack Canaries (Stack Protector)

Description

Compiler-inserted random guard values placed on the stack and checked before a function returns. A stack buffer overflow that corrupts the guard is detected and the process is aborted before the attacker gains control.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | Attacker must leak or guess the canary value to exploit a stack overflow

CWE Relationships

Verification

Verify that binaries were compiled with -fstack-protector-strong

$ readelf -s /usr/bin/ls | grep __stack_chk_fail
# Expected: __stack_chk_fail
Platform: linux
$ rpm -q --queryformat '%{OPTFLAGS}\n' coreutils | grep stack-protector
# Expected: stack-protector
Platform: rhel
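
The readelf check above, extended to audit several files at once and to separate "no reference found" from "could not tell". This is an added example, not part of the original entry; it assumes binutils `readelf` is installed, and the function names and verdict strings are its own.

```shell
#!/bin/sh
# Added example: report whether ELF files reference __stack_chk_fail.
# Assumes binutils `readelf`; function names and verdicts are illustrative.

# classify_symbols: read `readelf -sW` output on stdin and print one verdict:
#   canary    - __stack_chk_fail is referenced, so at least one function is guarded
#   no-symbol - symbols are present but none is the failure handler
#   unknown   - no symbols at all (for example a stripped static binary)
classify_symbols() {
    awk '
        $1 ~ /^[0-9]+:$/ { syms++ }              # one row per symbol
        $8 ~ /^__stack_chk_fail/ { found = 1 }   # also matches @GLIBC_x.y
        END {
            if (found)     print "canary"
            else if (syms) print "no-symbol"
            else           print "unknown"
        }'
}

# check_binary: print a verdict for one path, skipping anything that is not ELF.
check_binary() {
    # The first four bytes of an ELF file are 0x7f E L F.
    magic=$(od -An -c -N 4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = '177ELF' ] || { echo "not-elf"; return 0; }
    readelf -sW "$1" 2>/dev/null | classify_symbols
}

# Usage: sh canary-audit.sh /usr/bin/ls /usr/bin/*
for f in "$@"; do
    printf '%-10s %s\n' "$(check_binary "$f")" "$f"
done
```

A `no-symbol` verdict is not proof that the flag was missing: -fstack-protector-strong only guards functions with local arrays or address-taken locals, so a binary with none of those never references the handler. A `canary` verdict shows that at least one function is guarded, not which -fstack-protector variant was used.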