DEBIAN-CVE-2025-11568

Source
https://security-tracker.debian.org/tracker/CVE-2025-11568
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11568.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-11568
Upstream
  • CVE-2025-11568
Published
2025-10-15T20:15:34.007Z
Modified
2026-01-10T14:07:37.176240Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using LUKS formats other than LUKS1 are not affected by this issue.

References

Affected packages

Debian:11 / luksmeta

Package

Name
luksmeta
Purl
pkg:deb/debian/luksmeta?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

Other

9-3
9-4
10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11568.json"

Debian:12 / luksmeta

Package

Name
luksmeta
Purl
pkg:deb/debian/luksmeta?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9-4+deb12u1

Affected versions

Other

9-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11568.json"

Debian:13 / luksmeta

Package

Name
luksmeta
Purl
pkg:deb/debian/luksmeta?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9-4+deb13u1

Affected versions

Other

9-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11568.json"

Debian:14 / luksmeta

Package

Name
luksmeta
Purl
pkg:deb/debian/luksmeta?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10-1

Affected versions

Other

9-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11568.json"