{"description": "This option makes the kernel BUG when it encounters data corruption in kernel memory structures\nwhen they get checked for validity.\nThis configuration is available from kernel 4.10.\n\nThe configuration that was used to build kernel is available at <tt>/boot/config-*</tt>.\n    To check the configuration value for <tt>CONFIG_BUG_ON_DATA_CORRUPTION</tt>, run the following command:\n    <tt>grep CONFIG_BUG_ON_DATA_CORRUPTION /boot/config-*</tt>\n    \n    For each kernel installed, a line with value \"y\" should be returned.\n    ", "rationale": "This helps detect data corruptions early and stop with a BUG() error message.", "severity": "low", "references": {"anssi": ["R16"]}, "control_references": {"anssi": ["R16"]}, "components": [], "identifiers": {}, "ocil_clause": "the kernel was not built with the required value", "ocil": "To determine the config value the kernel was built with, run the following command:\n    <pre>$ grep CONFIG_BUG_ON_DATA_CORRUPTION /boot/config.*</pre>\n    \n    For each kernel installed, a line with value \"y\" should be returned.\n    ", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "There is no remediation for this besides re-compiling the kernel with the appropriate value for the config."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Trigger a kernel BUG when data corruption is detected", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml", "template": {"name": "kernel_build_config", "vars": {"config": "CONFIG_BUG_ON_DATA_CORRUPTION", "value": "y"}, "backends": {}}}