AlmaLinux OS 9 must clear the page allocator to prevent use-after-free attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269293 | ALMA-09-024110 | SV-269293r1050175_rule | Medium |
| Description |
| Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. This also prevents data leaks and detects corrupted memory. |
| STIG | Date |
| CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide | 2025-05-22 |
Details
| Check Text (C-73324r1048255_chk) |
| Verify that GRUB 2 is configured to enable page poisoning to mitigate use-after-free vulnerabilities. Check that the current GRUB 2 configuration has page poisoning enabled with the following command: $ grubby --info=ALL | grep args | grep -v 'page_poison=1' If any output is returned, this is a finding. Check that page poisoning is enabled by default to persist in kernel updates with the following command: $ grep page_poison /etc/default/grub GRUB_CMDLINE_LINUX="page_poison=1" If "page_poison" is not set to "1", is missing or commented out, this is a finding. |
| Fix Text (F-73225r1049454_fix) |
| Configure AlmaLinux OS 9 to enable page poisoning with the following commands: $ grubby --update-kernel=ALL --args="page_poison=1" Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates: GRUB_CMDLINE_LINUX="page_poison=1" |