CVE-2025-68740

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the Integrity Measurement Architecture (IMA) subsystem. Specifically, the ima match rules() function incorrectly handles error codes returned by ima filter rule match(). If ima filter rule match() returns -ENOENT, indicating a NULL rule, the check 'if (!rc)' is bypassed, leading to a false positive match. This results in extra files being measured by IMA. The issue occurs when the SELinux policy module is unloaded via 'semodule -d', and an IMA measurement is triggered before ima lsm rules is updated. The call trace includes functions such as selinux audit rule match(), ima match rules(), ima match policy(), and process measurement(). The root cause is an incorrect conditional check that allows error codes to be misinterpreted as successful matches.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.