CVE-2025-11568

Source
https://cve.org/CVERecord?id=CVE-2025-11568
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11568.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11568
Downstream
Related
Published
2025-10-15T19:37:11.924Z
Modified
2026-07-08T07:38:11.255461498Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Luksmeta: data corruption when handling luks1 partitions with luksmeta
Details

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11568.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-1284"
    ]
}
References

Affected packages

Git / github.com/latchset/luksmeta

Affected ranges

Type
GIT
Repo
https://github.com/latchset/luksmeta
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

Other
v1
v2
v3
v4
v5
v6
v7
v8
v9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11568.json"