{"description": "Recent processors in the x86 family support the\nability to prevent code execution on a per memory page basis.\nGenerically and on AMD processors, this ability is called No\nExecute (NX), while on Intel processors it is called Execute\nDisable (XD). This ability can help prevent exploitation of buffer\noverflow vulnerabilities and should be activated whenever possible.\nExtra steps must be taken to ensure that this protection is\nenabled, particularly on 32-bit x86 systems. Other processors, such\nas Itanium and POWER, have included such support since inception\nand the standard kernel for those platforms supports the\nfeature. This is enabled by default on the latest Oracle Linux, Red Hat and\nFedora systems if supported by the hardware.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["bios_enable_execution_restrictions", "install_PAE_kernel_on_x86-32"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Enable Execute Disable (XD) or No Execute (NX) Support on\nx86 Systems", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/enable_nx/group.yml"}