CVE-2025-68183 ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

🗓️ 16 Dec 2025 13:43:01Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

Prevent clearing IMA_DIGSIG when non-IMA xattrs are set or removed to avoid IMA signatures turning into hashes.

Reporter	Title	Published	Views	Family All 477
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1495)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : kernel (ALSA-2026:21706)	28 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : kernel-rt (ALSA-2026:21745)	29 May 202600:00	–	nessus
Tenable Nessus	CentOS 9 : kernel-5.14.0-706.el9	19 May 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1244)	10 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1280)	10 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1366)	16 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1397)	16 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.12.1 : kernel (EulerOS-SA-2026-1433)	17 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.12.0 : kernel (EulerOS-SA-2026-1490)	17 Mar 202600:00	–	nessus

Source	Link
git	www.git.kernel.org/stable/c/02aa671c08a4834bef5166743a7b88686fbfa023
git	www.git.kernel.org/stable/c/88b4cbcf6b041ae0f2fc8a34554a5b6a83a2b7cd
git	www.git.kernel.org/stable/c/d2993a7e98eb70c737c6f5365a190e79c72b8407
git	www.git.kernel.org/stable/c/edd824eb45e4f7e05ad3ab090dab6dbdb79cd292
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68183.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-68183
git	www.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

28 May 2026 20:59Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.00025

linux kernel ima evm ima digsig flag non ima xattr signature preservation fix mode vulnerability 2025 68183