{"description": "Setting <tt>init_on_free=1</tt> on boot guarantees that pages and heap objects are initialized right after they're freed, so it won't be possible to access stale data by using a dangling pointer.", "rationale": "<tt>init_on_free</tt> is a Linux kernel boot parameter that enhances security by initializing memory regions when they are freed, preventing data leakage.\nThis process ensures that stale data in freed memory cannot be accessed by malicious programs.", "severity": "medium", "references": {"nist": ["SC-3"], "srg": ["SRG-OS-000134-GPOS-00068"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must clear memory when it is freed to prevent use-after-free attacks.", "vuldiscussion": "Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.\n\nPoisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.\n\ninit_on_free is a Linux kernel boot parameter that enhances security by initializing memory regions when they are freed, preventing data leakage. This process ensures that stale data in freed memory cannot be accessed by malicious programs.\n\nSLUB canaries add a randomized value (canary) at the end of SLUB-allocated objects to detect memory corruption caused by buffer overflows or underflows. Redzoning adds padding (red zones) around SLUB-allocated objects to detect overflows or underflows by triggering a fault when adjacent memory is accessed. SLUB canaries are often more efficient and provide stronger detection against buffer overflows compared to redzoning. SLUB canaries are supported in hardened Linux kernels like the ones provided by Linux-hardened.\n\nSLAB objects are blocks of physically contiguous memory. SLUB is the unqueued SLAB allocator.", "checktext": "Verify that GRUB2 is configured to mitigate use-after-free vulnerabilities by employing memory poisoning.\n\nInspect the \"GRUB_CMDLINE_LINUX\" entry of /etc/default/grub as follows:\n$ sudo grep -i grub_cmdline_linux /etc/default/grub\nGRUB_CMDLINE_LINUX=\"... init_on_free=1\"\n\nIf \"init_on_free=1\" is missing or commented out, this is a finding.", "fixtext": "Configure Ubuntu 22.04 to enable init_on_free with the following command:\n$ sudo grubby --update-kernel=ALL --args=\"init_on_free=1\"\n\nRegenerate the GRUB configuration:\n$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg\n\nReboot the system:\n$ sudo reboot"}}, "platform": "grub2", "platforms": ["grub2"], "sce_metadata": {}, "inherited_platforms": ["grub2 and system_with_kernel"], "cpe_platform_names": ["grub2"], "inherited_cpe_platform_names": ["grub2_and_system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "The system must booted with init_on_free=1", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/bootloader-grub2/grub2_init_on_free/rule.yml", "template": {"name": "grub2_bootloader_argument", "vars": {"arg_name": "init_on_free", "arg_value": "1"}, "backends": {}}}