Mitigation-page

MID-010: No Runtime OS Driver Load

Mitigation Tier: Foundational

Description

The ability to load kernel modules and drivers during runtime is a vector for threat actors to exploit, either by loading an adversary-controlled module that is directly malicious or a vulnerable, but otherwise legitimate, module containing a privilege escalation vulnerability that can be later exploited. Therefore, if there is no need to support runtime loading and executing of drivers, removing that ability can eliminate this threat vector.

When there is a need for loadable drivers and kernel modules, MID-011 - OS Driver/Peripheral Authentication discusses how to do so safely.

IEC 62443 4-2 Mappings

  • CR 7.7 – Least functionality

References