{"description": "Disabling it is roughly equivalent to booting with vsyscall=none, except that it will also\ndisable the helpful warning if a program tries to use a vsyscall. With this option set to N,\noffending programs will just segfault, citing addresses of the form 0xffffffffff600?00.\nThis configuration is available from kernel 3.19.\n\nThe configuration that was used to build the kernel is available at <tt>/boot/config-*</tt>.\n    To check the configuration value for <tt>CONFIG_X86_VSYSCALL_EMULATION</tt>, run the following command:\n    <tt>grep CONFIG_X86_VSYSCALL_EMULATION /boot/config-*</tt>\n    \n    Configs with value 'n' are not explicitly set in the file, so either commented lines or no\n    lines should be returned.\n    ", "rationale": "The vsyscall table is no longer required and is a potential source of ROP gadgets.", "severity": "low", "references": {"anssi": ["R15"]}, "control_references": {"anssi": ["R15"]}, "components": [], "identifiers": {}, "ocil_clause": "the kernel was not built with the required value", "ocil": "To determine the config value the kernel was built with, run the following command:\n    <pre>$ grep CONFIG_X86_VSYSCALL_EMULATION /boot/config-*</pre>\n    \n    Configs with value 'n' are not explicitly set in the file, so either commented lines or no\n    lines should be returned.\n    ", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "There is no remediation for this besides re-compiling the kernel with the appropriate value for the config."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Disable x86 vsyscall emulation", "definition_location": 
"/aptdata/openscap/scap-security-guide/linux_os/guide/system/kernel_build_config/kernel_config_x86_vsyscall_emulation/rule.yml", "template": {"name": "kernel_build_config", "vars": {"config": "CONFIG_X86_VSYSCALL_EMULATION", "value": "n"}, "backends": {}}}