Check: SRG-OS-000433-VMM-001740
Virtual Machine Manager SRG: SRG-OS-000433-VMM-001740
(in versions v2 r2 through v1 r3)
Title
The VMM must implement non-executable data to protect its memory from unauthorized code execution. (Cat II impact)
Discussion
Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Data execution prevention safeguards can be either hardware-enforced or software-enforced, with hardware providing the greater strength of mechanism. Buffer overflow attacks are one example of such attacks.
Check Content
Verify the VMM implements non-executable data to protect its memory from unauthorized code execution. If it does not, this is a finding.
Fix Text
Configure the VMM to implement non-executable data to protect its memory from unauthorized code execution.
Additional Identifiers
Rule ID: SV-207503r958928_rule
Vulnerability ID: V-207503
Group Title: SRG-OS-000433
CCIs
Number | Definition |
---|---|
CCI-002824 | Implement organization-defined controls to protect the system memory from unauthorized code execution. |
Controls
Number | Title |
---|---|
SI-16 | Memory Protection |