CME-505

IMA/EVM (Integrity Measurement Architecture)

Description

Kernel subsystem that measures file hashes at access time (recording them in a measurement list, and extending a TPM PCR when one is present) and optionally enforces an integrity policy by appraising files against a stored hash or signature. EVM extends this by protecting the security-relevant extended attributes that IMA appraisal relies on. The measurement list forms an audit trail of the executed code covered by the policy.

CVSS Vector Impacts

Metric        | Transition | Rationale
------------- | ---------- | ----------------------------------------------------
Integrity (I) | H → L      | Modified binaries detected/blocked at execution time

CWE Relationships

Verification

Check that an IMA policy is loaded and contains appraisal rules

$ head -5 /sys/kernel/security/ima/policy
# Expected: rules beginning with "appraise" (e.g. func=BPRM_CHECK for executables)
Platform: linux
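The single `head -5` above only eyeballs the first rules. The following script is an added example (not part of this catalogue entry) that summarises a loaded policy and reports whether executables are actually appraised, and separately reads the `ima_appraise=` boot parameter, which is where the enforce/log mode lives rather than in the policy file. It assumes the policy is readable (the kernel must be built with CONFIG_IMA_READ_POLICY) and uses constructed sample paths in its comments.

```shell
#!/bin/sh
# Added example: inspect an IMA policy and the appraisal mode.
# Real inputs: /sys/kernel/security/ima/policy and /proc/cmdline.
# Usage after sourcing:  ima_policy_summary /sys/kernel/security/ima/policy
#                        ima_appraise_mode /proc/cmdline

# ima_policy_summary <policy-file>
# Prints "measure=<n> appraise=<n> exec_appraise=<yes|no>".
# Returns 0 when at least one appraise rule covers executables
# (func=BPRM_CHECK), 1 when not, 2 when the policy is not readable.
ima_policy_summary() {
    policy="$1"
    [ -r "$policy" ] || { echo "policy not readable: $policy" >&2; return 2; }
    # grep -c exits 1 on zero matches; '|| true' keeps 'set -e' callers alive.
    measure=$(grep -c '^measure ' "$policy" || true)
    appraise=$(grep -c '^appraise ' "$policy" || true)
    if grep -q '^appraise .*func=BPRM_CHECK' "$policy"; then
        exec_appraise=yes
    else
        exec_appraise=no
    fi
    echo "measure=$measure appraise=$appraise exec_appraise=$exec_appraise"
    [ "$exec_appraise" = yes ]
}

# ima_appraise_mode <cmdline-file>
# Prints the value of the ima_appraise= boot parameter (enforce|log|fix|off),
# or "unset" when the parameter is absent, i.e. the kernel's built-in default.
ima_appraise_mode() {
    mode=$(tr ' ' '\n' < "$1" | sed -n 's/^ima_appraise=//p' | tail -n 1)
    echo "${mode:-unset}"
}
```

A policy with only `measure` rules still produces a measurement log but blocks nothing; for blocking, `exec_appraise=yes` and `ima_appraise=enforce` are both required.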