The Linux kernel is the core component of a family of Operating Systems (OS) that underpins a large number of government and commercial servers and infrastructure devices. Kernel functionality is commonly enhanced through the use of modules, which can be loaded at boot time or during normal system operation. Modules run at the same privilege level as the kernel. Any vulnerabilities in kernel modules present a serious risk.
System owners are advised to 1) ensure that only signed kernel modules are loaded, and 2) prevent loading of unnecessary kernel modules. Although it reduces attack surface, preventing module loading is not practical for many general-purpose systems and thus is not suitable for use in compliance baselines.
Date Published: 15 December 2017
Last Reviewed: 13 December 2017
Dissemination Control: N/A