Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2025-68183

Severity:
Pending analysis
Type:
Not available / Other
Publication date:
16/12/2025
Last modified:
16/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

Currently, when both IMA and EVM are in fix mode, the IMA signature will be reset to an IMA hash if a program first stores an IMA signature in security.ima and then writes/removes some other security xattr for the file.

For example, on Fedora, after booting the kernel with "ima_appraise=fix evm=fix ima_policy=appraise_tcb" and installing rpm-plugin-ima, installing/reinstalling a package will not generate a good reference IMA signature. Instead, an IMA hash is generated:

    # getfattr -m - -d -e hex /usr/bin/bash
    # file: usr/bin/bash
    security.ima=0x0404...

This happens because when setting security.selinux, the IMA_DIGSIG flag that had been set earlier was cleared. As a result, an IMA hash is generated when the file is closed.

Similarly, the IMA signature can be cleared on file close after removing a security xattr like security.evm or setting/removing an ACL.

Prevent replacing the IMA file signature with a file hash by preventing the IMA_DIGSIG flag from being reset.

Here's a minimal C reproducer which sets security.selinux as the last step, which can also be replaced by removing security.evm or setting an ACL:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <fcntl.h>
    #include <unistd.h>
    #include <sys/xattr.h>

    int main() {
        const char* file_path = "/usr/sbin/test_binary";
        /* hex-encoded IMA signature blob: type 0x03 (EVM_IMA_XATTR_DIGSIG), version 2, sha256 */
        const char* hex_string = "030204d33204490066306402304";
        int length = strlen(hex_string);
        char* ima_attr_value;
        int fd;

        fd = open(file_path, O_WRONLY|O_CREAT|O_EXCL, 0644);
        if (fd == -1) {
            perror("Error opening file");
            return 1;
        }

        /* decode the hex string into the raw xattr value */
        ima_attr_value = (char*)malloc(length / 2);
        for (int i = 0, j = 0; i
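As an added example (not part of the kernel fix or of this advisory), the following C program lets an administrator check whether a file's security.ima value still carries an IMA signature (type byte 0x03) or has been downgraded to a plain hash (type byte 0x04, as in the "0x0404..." value shown above). It assumes a Linux system with getxattr(2) and the kernel's v2 signature header layout (type, version, hash algorithm, 4-byte key id, 2-byte big-endian signature size); run it as `./ima_check /usr/bin/bash`, which usually needs root to read security.ima.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/xattr.h>

/* Leading type byte of a security.ima value (kernel evm_ima_xattr_type). */
enum { EVM_IMA_XATTR_DIGSIG = 3, IMA_XATTR_DIGEST_NG = 4 };

struct ima_info {
    int is_signature;   /* 1 if security.ima holds a digital signature */
    unsigned hash_algo; /* kernel hash_algo byte; 4 is HASH_ALGO_SHA256 */
    unsigned sig_size;  /* declared signature length (v2 signatures only) */
};

/* Classify a raw security.ima value: 0 on success, -1 if it is too short, of an unhandled
 * type, or inconsistent. v2 signature: type(1) version(1) hash_algo(1) keyid(4) sig_size(2 BE) sig. */
int ima_classify(const uint8_t *v, size_t len, struct ima_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 2) return -1;
    switch (v[0]) {
    case IMA_XATTR_DIGEST_NG:  /* the "0x0404..." above: sha256 hash, no signature */
        out->hash_algo = v[1];
        return 0;
    case EVM_IMA_XATTR_DIGSIG:
        if (len < 9 || v[1] != 2)  /* only the v2 header is handled here */
            return -1;
        out->is_signature = 1;
        out->hash_algo = v[2];
        out->sig_size = ((unsigned)v[7] << 8) | v[8];
        return (len - 9 == out->sig_size) ? 0 : -1;
    default:
        return -1;
    }
}

int main(int argc, char **argv)
{
    uint8_t buf[4096];
    struct ima_info info;
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    ssize_t n = getxattr(argv[1], "security.ima", buf, sizeof buf);
    if (n < 0) { perror("getxattr(security.ima)"); return 1; }
    if (ima_classify(buf, (size_t)n, &info) != 0) {
        fprintf(stderr, "%s: unrecognised security.ima value\n", argv[1]); return 1;
    }
    printf("%s: %s (hash_algo=%u)\n", argv[1], info.is_signature ?
           "IMA signature present" : "IMA hash only: signature was lost", info.hash_algo);
    return 0;
}
```

Running it over the files a package installed (before and after a reinstall) shows directly whether the downgrade described above happened on a given kernel.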

Impact