Which processor setting prevents code execution in memory regions?

Memory protection at the hardware level uses a no-execute flag, the NX bit (No-eXecute). This bit lives in page table entries and marks certain memory pages as non-executable, so the processor will not run code from those regions, such as the stack or heap. By preventing execution in data areas, it stops many attacks that rely on injecting and running code. Operating systems leverage this with DEP to strengthen protection. Some architectures call the same feature XN (execute-never), but NX bit is the widely used term for mainstream systems, making it the best fit here. ASLR focuses on randomizing memory addresses to complicate exploitation rather than preventing execution, and Secure Enclave is a separate security component for protecting sensitive data, not for memory execution control.