7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.6%
The IMA (Integrity Measurement Architecture) is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts (TPM). This tool allows signing of files in userspace, inclusding options of including the signature in xattr or a .sig file, using signing keys stored in the kernel keyring to ensure they’re not recoverable.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Fedora | 38 | any | keyring-ima-signer | < 0.1.0 | UNKNOWN |