CME-110

KEXEC Restriction

Description

Prevents loading a new kernel at runtime via kexec, blocking a vector for kernel-level persistence and Secure Boot bypass.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | Cannot replace running kernel to bypass security controls

CWE Relationships

Verification

Check kexec_load_disabled sysctl

$ cat /proc/sys/kernel/kexec_load_disabled
# Expected: 1
Platform: linux
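
The check above, extended as an added example (not part of the CME entry): it also handles a kernel where the sysctl file does not exist and compares the runtime value with what the sysctl configuration files will set at boot. The function names are hypothetical. It assumes that a missing file means the kernel was built without kexec support, and that configuration files are passed in the order they are applied.

```shell
# Added example; function names are hypothetical, not from the CME entry.

# Runtime state of the sysctl: disabled | enabled | absent | unknown.
kexec_runtime_state() {
    f="${1:-/proc/sys/kernel/kexec_load_disabled}"
    # Assumption: no such file means the kernel was built without kexec.
    [ -r "$f" ] || { echo absent; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        1) echo disabled ;;
        0) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Last value assigned to the key across the given sysctl config files
# (later files override earlier ones), or "unset" if none assigns it.
kexec_persisted_value() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(awk -F= '
            /^[ \t]*[#;]/ { next }                      # skip comment lines
            { k = $1; gsub(/[ \t]/, "", k); sub(/^-/, "", k); gsub(/\//, ".", k) }
            k == "kernel.kexec_load_disabled" { x = $2; gsub(/[ \t]/, "", x); last = x }
            END { if (last != "") print last }
        ' "$f")
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Verdict: $1 = proc file, remaining args = config files. Returns 0 on pass.
kexec_audit() {
    proc=$1; shift
    rt=$(kexec_runtime_state "$proc")
    ps=$(kexec_persisted_value "$@")
    case "$rt:$ps" in
        absent:*)   echo "PASS kexec interface absent"; return 0 ;;
        disabled:1) echo "PASS disabled now and at boot"; return 0 ;;
        disabled:*) echo "FAIL disabled now, boot config says '$ps'"; return 1 ;;
        *)          echo "FAIL runtime state is $rt"; return 1 ;;
    esac
}
# Usage: kexec_audit /proc/sys/kernel/kexec_load_disabled /etc/sysctl.d/*.conf
```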