diff --git a/debian/control b/debian/control
index 1aef057..3c62bfa 100644
--- a/debian/control
+++ b/debian/control
@@ -125,6 +125,8 @@ Description: enhances misc security settings
  Secure Attention Key.
  .
  * Restricts loading line disciplines to `CAP_SYS_MODULE`.
+ .
+ * Restricts the `userfaultfd()` syscall to root.
  .
  Improve Entropy Collection
  .
diff --git a/etc/sysctl.d/30_security-misc.conf b/etc/sysctl.d/30_security-misc.conf
index d14b46d..e83df56 100644
--- a/etc/sysctl.d/30_security-misc.conf
+++ b/etc/sysctl.d/30_security-misc.conf
@@ -133,3 +133,9 @@ kernel.sysrq=132
 ##
 ## https://lkml.org/lkml/2019/4/15/890
 dev.tty.ldisc_autoload=0
+
+## Restrict the userfaultfd() syscall to root as it can make heap sprays
+## easier.
+##
+## https://duasynt.com/blog/linux-kernel-heap-spray
+vm.unprivileged_userfaultfd=0
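Review bot: The comment added above `vm.unprivileged_userfaultfd=0` (and the matching bullet in debian/control) says the syscall is restricted to root, but the kernel gates it on `CAP_SYS_PTRACE` rather than on uid 0. I would word it as `## Restrict the userfaultfd() syscall to processes with CAP_SYS_PTRACE as it can` / `## make heap sprays easier. Requires Linux 5.2 or later.`, which also matches the `CAP_SYS_MODULE` wording of the line-discipline entry. The key was introduced in Linux 5.2, so on older kernels this line hardens nothing and sysctl only reports an unknown key. On 5.11 and later, a value of 0 still lets unprivileged callers use userfaultfd with `UFFD_USER_MODE_ONLY`, which does not handle kernel-mode faults, so the stated heap-spray concern should remain covered. The comment could also mention that unprivileged consumers such as QEMU postcopy migration or CRIU are expected to stop working under this setting.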