Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72866.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-72866
Upstream
  • CVE-2025-11568
Published
2025-10-15T20:15:34Z
Modified
2026-04-21T04:33:43.990425Z
Summary
CVE-2025-11568 affecting package luksmeta 9-8
Details

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

References

Affected packages

Azure Linux:3 / luksmeta

Package

Name
luksmeta
Purl
pkg:rpm/azure-linux/luksmeta

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
9-8

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72866.json"