STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide

V-256535

CAT II (Medium)

The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.

Rule ID

SV-256535r958928_rule

STIG

VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide

Version

V1R4

CCIs

CCI-002824

Discussion

ASLR makes it more difficult for an attacker to predict the location of attack code they have introduced into a process's address space during an attempt at exploitation. ASLR also makes it more difficult for an attacker to know the location of existing code to repurpose it using return-oriented programming (ROP) techniques.

Check Content

At the command line, run the following command:

# cat /proc/sys/kernel/randomize_va_space

If the value of "randomize_va_space" is not "2", this is a finding.

Fix Text

Navigate to and open:

/etc/sysctl.d/50-security-hardening.conf

Ensure the "randomize_va_space" is uncommented and set to the following:

kernel.randomize_va_space=2

At the command line, run the following command:

# sysctl --system