
Commit d32d600

Merge: CVE-2022-49643: ima: Fix a potential integer overflow in ima_appraise_measurement
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/6429
JIRA: https://issues.redhat.com/browse/RHEL-80802
CVE: CVE-2022-49643

```
commit d2ee2cf
Author: Huaxin Lu <luhuaxin1@huawei.com>
Date:   Tue Jul 5 13:14:17 2022 +0800

    ima: Fix a potential integer overflow in ima_appraise_measurement

    When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be
    negative, which may cause the integer overflow problem.

    Fixes: 39b0709 ("ima: Implement support for module-style appended signatures")
    Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
    Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
```

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>

---

<small>Created 2025-02-26 11:32 UTC by backporter - [KWF FAQ](https://red.ht/kernel_workflow_doc) - [Slack #team-kernel-workflow](https://redhat-internal.slack.com/archives/C04LRUPMJQ5) - [Source](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/utils/backporter.py) - [Documentation](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.backporter.md) - [Report an issue](https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=backporter%20webhook%20issue)</small>

Approved-by: Coiby Xu <coxu@redhat.com>
Approved-by: Vladis Dronov <vdronov@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Merged-by: Augusto Caringi <acaringi@redhat.com>
2 parents b24c0b7 + af6e006 commit d32d600

1 file changed

+2
-1
lines changed

security/integrity/ima/ima_appraise.c

Lines changed: 2 additions & 1 deletion
@@ -408,7 +408,8 @@ int ima_appraise_measurement(enum ima_hooks func,
408408
goto out;
409409
}
410410

411-
status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
411+
status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value,
412+
rc < 0 ? 0 : rc, iint);
412413
switch (status) {
413414
case INTEGRITY_PASS:
414415
case INTEGRITY_PASS_IMMUTABLE:
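
Review bot: the `rc < 0 ? 0 : rc` argument added on new line 412 carries no comment explaining why rc can be negative at this call; that reason (ima-modsig enabled) lives only in the commit message. A short comment above the evm_verifyxattr() call saying that a negative rc must not be passed through as the length argument would keep a later cleanup from folding the ternary back into a bare `rc`. The hunk also does not show what xattr_value holds when rc is negative, so it is worth confirming in review that evm_verifyxattr() behaves the same for a length of 0 regardless of that pointer.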
