Amazon Linux 2023 must implement nonexecutable data to protect its memory from unauthorized code execution.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-274184	SRG-OS-000433-GPOS-00192	AZLX-23-002610	SV-274184r1120540_rule	2025-07-15	1

Description
The no-execute (NX) feature uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places a process's memory regions such as the stack and heap higher than this address, the hardware prevents execution in that address range. This is enabled by default on the latest Red Hat and Fedora systems if supported by the hardware.

Description

The no-execute (NX) feature uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places a process's memory regions such as the stack and heap higher than this address, the hardware prevents execution in that address range. This is enabled by default on the latest Red Hat and Fedora systems if supported by the hardware.

ℹ️ Check
Verify Amazon Linux 2023 NX support is enabled with the following command: $ sudo dmesg \| grep '[NX\|DX]*protection' [ 0.000000] NX (Execute Disable) protection: active If "dmesg" does not show "NX (Execute Disable) protection" active, this is a finding.

✔️ Fix
Configure Amazon Linux 2023 NX support to be enabled by opening a support case via the AWS Console to investigate why NX support is not detected.