Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2025-68740

Severity:
Pending analysis
Type:
Not available / Other
Publication date:
24/12/2025
Last modified:
24/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ima: Handle error code returned by ima_filter_rule_match()

In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and sets 'result = true'. The LSM rule is considered a match, causing extra files to be measured by IMA.

This issue can be reproduced in the following scenario: After unloading the SELinux policy module via 'semodule -d', if an IMA measurement is triggered before ima_lsm_rules is updated, in ima_match_rules(), the first call to ima_filter_rule_match() returns -ESTALE. This causes the code to enter the 'if (rc == -ESTALE && !rule_reinitialized)' block, perform ima_lsm_copy_rule() and retry. In ima_lsm_copy_rule(), since the SELinux module has been removed, the rule becomes NULL, and the second call to ima_filter_rule_match() returns -ENOENT. This bypasses the 'if (!rc)' check and results in a false match.

Call trace:
selinux_audit_rule_match+0x310/0x3b8
security_audit_rule_match+0x60/0xa0
ima_match_rules+0x2e4/0x4a0
ima_match_policy+0x9c/0x1e8
ima_get_action+0x48/0x60
process_measurement+0xf8/0xa98
ima_bprm_check+0x98/0xd8
security_bprm_check+0x5c/0x78
search_binary_handler+0x6c/0x318
exec_binprm+0x58/0x1b8
bprm_execve+0xb8/0x130
do_execveat_common.isra.0+0x1a8/0x258
__arm64_sys_execve+0x48/0x68
invoke_syscall+0x50/0x128
el0_svc_common.constprop.0+0xc8/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x44/0x200
el0t_64_sync_handler+0x100/0x130
el0t_64_sync+0x3c8/0x3d0

Fix this by changing 'if (!rc)' to 'if (rc
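The root cause described above is a tri-state return value (1 = match, 0 = no match, negative errno = could not evaluate) being tested with a boolean check, so an error code is mistaken for a match. The following user-space model is an added illustration, not kernel code and not the upstream patch: every "model_" name is hypothetical, the one-rule policy and the "bin_t" label are constructed, and the hardened check (treating any non-positive rc as "no match") is an illustrative form of the principle, since the description's own wording of the fix is cut off on this page.

```c
/*
 * Added illustration (not kernel code): a user-space model of the
 * tri-state return convention that the CVE description relies on.
 * All "model_" names are hypothetical; the policy data is constructed.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One LSM condition attached to a policy rule (simplified). */
struct model_lsm_cond {
    const char *label;   /* label the condition expects, e.g. an SELinux type */
    bool loaded;         /* false once the policy module that defined it is unloaded */
};

struct model_rule {
    struct model_lsm_cond lsm[1];
    int nr_lsm;
};

/* Return convention modelled on ima_filter_rule_match():
 *   1  -> condition matched the subject's label
 *   0  -> condition evaluated and did not match
 *  <0  -> condition could not be evaluated (-ESTALE: policy changed
 *         underneath us, -ENOENT: the rule pointer is NULL) */
static int model_filter_rule_match(const struct model_lsm_cond *cond, const char *subject)
{
    if (cond == NULL)
        return -ENOENT;
    if (!cond->loaded)
        return -ESTALE;
    return strcmp(cond->label, subject) == 0 ? 1 : 0;
}

/* Models ima_lsm_copy_rule(): re-resolving a condition whose policy
 * module has been removed yields NULL, as the description states. */
static const struct model_lsm_cond *model_lsm_copy_rule(const struct model_lsm_cond *cond)
{
    return cond->loaded ? cond : NULL;
}

/* Shared matching loop; 'strict' selects which check is applied to rc. */
static bool model_match_rules(const struct model_rule *rule, const char *subject, bool strict)
{
    for (int i = 0; i < rule->nr_lsm; i++) {
        const struct model_lsm_cond *cond = &rule->lsm[i];
        bool rule_reinitialized = false;
        int rc;
retry:
        rc = model_filter_rule_match(cond, subject);
        if (rc == -ESTALE && !rule_reinitialized) {
            cond = model_lsm_copy_rule(cond);   /* may become NULL */
            rule_reinitialized = true;
            goto retry;
        }
        if (strict) {
            /* Hardened (illustrative): only a positive result is a match;
             * 0 and every error code mean "this rule does not apply". */
            if (rc <= 0)
                return false;
        } else {
            /* Vulnerable pattern from the description: -ENOENT is non-zero,
             * so it skips this check and the rule counts as matching. */
            if (!rc)
                return false;
        }
    }
    return true;   /* every LSM condition matched (or, in the buggy path, errored) */
}

/* Scenario driver: one rule expecting label "bin_t"; 'unloaded' models the
 * window after 'semodule -d' before the IMA rules are refreshed. */
static bool model_scenario(bool unloaded, bool strict, const char *subject)
{
    struct model_rule rule = { .lsm = { { "bin_t", !unloaded } }, .nr_lsm = 1 };
    return model_match_rules(&rule, subject, strict);
}

int main(void)
{
    printf("policy loaded,   buggy check,  subject bin_t   -> %d\n", model_scenario(false, false, "bin_t"));
    printf("policy loaded,   buggy check,  subject other_t -> %d\n", model_scenario(false, false, "other_t"));
    printf("policy unloaded, buggy check,  subject bin_t   -> %d (false match)\n", model_scenario(true, false, "bin_t"));
    printf("policy unloaded, strict check, subject bin_t   -> %d\n", model_scenario(true, true, "bin_t"));
    return 0;
}
```

With the policy loaded both checks agree. Once the module is unloaded, the first call returns -ESTALE, the re-copy yields NULL, the retry returns -ENOENT, and only the buggy check reports a match, which is exactly the path the description says leads to extra files being measured.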

Impact