OESA-2025-2688
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2688
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2688.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2688
- Upstream
- Published
- 2025-11-14T12:39:23Z
- Modified
- 2025-11-14T13:02:41.517638Z
- Summary
- luksmeta security update
- Details
-
LUKSMeta is a simple library for storing metadata in the LUKSv1 header. Some projects need to store additional metadata about a LUKS volume that is accessable before unlocking it. Fortunately, there is a gap in the LUKS header between the end of the slot area and the payload offset, LUKSMeta uses this hole to store additional metadata.
Security Fix(es):
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.(CVE-2025-11568)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4
luksmeta
Package
- Name
- luksmeta
- Purl
- pkg:rpm/openEuler/luksmeta&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9-7.oe2003sp4
Ecosystem specific
{
"x86_64": [
"luksmeta-9-7.oe2003sp4.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2003sp4.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2003sp4.x86_64.rpm",
"luksmeta-devel-9-7.oe2003sp4.x86_64.rpm"
],
"src": [
"luksmeta-9-7.oe2003sp4.src.rpm"
],
"noarch": [
"luksmeta-help-9-7.oe2003sp4.noarch.rpm"
],
"aarch64": [
"luksmeta-9-7.oe2003sp4.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2003sp4.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2003sp4.aarch64.rpm",
"luksmeta-devel-9-7.oe2003sp4.aarch64.rpm"
]
}openEuler:22.03-LTS-SP3
luksmeta
Package
- Name
- luksmeta
- Purl
- pkg:rpm/openEuler/luksmeta&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9-7.oe2203sp3
Ecosystem specific
{
"x86_64": [
"luksmeta-9-7.oe2203sp3.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2203sp3.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2203sp3.x86_64.rpm",
"luksmeta-devel-9-7.oe2203sp3.x86_64.rpm"
],
"src": [
"luksmeta-9-7.oe2203sp3.src.rpm"
],
"noarch": [
"luksmeta-help-9-7.oe2203sp3.noarch.rpm"
],
"aarch64": [
"luksmeta-9-7.oe2203sp3.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2203sp3.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2203sp3.aarch64.rpm",
"luksmeta-devel-9-7.oe2203sp3.aarch64.rpm"
]
}openEuler:22.03-LTS-SP4
luksmeta
Package
- Name
- luksmeta
- Purl
- pkg:rpm/openEuler/luksmeta&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9-7.oe2203sp4
Ecosystem specific
{
"x86_64": [
"luksmeta-9-7.oe2203sp4.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2203sp4.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2203sp4.x86_64.rpm",
"luksmeta-devel-9-7.oe2203sp4.x86_64.rpm"
],
"src": [
"luksmeta-9-7.oe2203sp4.src.rpm"
],
"noarch": [
"luksmeta-help-9-7.oe2203sp4.noarch.rpm"
],
"aarch64": [
"luksmeta-9-7.oe2203sp4.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2203sp4.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2203sp4.aarch64.rpm",
"luksmeta-devel-9-7.oe2203sp4.aarch64.rpm"
]
}openEuler:24.03-LTS
luksmeta
Package
- Name
- luksmeta
- Purl
- pkg:rpm/openEuler/luksmeta&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9-7.oe2403sp2
Ecosystem specific
{
"x86_64": [
"luksmeta-9-7.oe2403.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2403.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2403.x86_64.rpm",
"luksmeta-devel-9-7.oe2403.x86_64.rpm",
"luksmeta-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-devel-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-9-7.oe2403sp2.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp2.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2403sp2.x86_64.rpm",
"luksmeta-devel-9-7.oe2403sp2.x86_64.rpm"
],
"src": [
"luksmeta-9-7.oe2403.src.rpm",
"luksmeta-9-7.oe2403sp1.src.rpm",
"luksmeta-9-7.oe2403sp2.src.rpm"
],
"noarch": [
"luksmeta-help-9-7.oe2403.noarch.rpm",
"luksmeta-help-9-7.oe2403sp1.noarch.rpm",
"luksmeta-help-9-7.oe2403sp2.noarch.rpm"
],
"aarch64": [
"luksmeta-9-7.oe2403.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2403.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2403.aarch64.rpm",
"luksmeta-devel-9-7.oe2403.aarch64.rpm",
"luksmeta-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-devel-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-9-7.oe2403sp2.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp2.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2403sp2.aarch64.rpm",
"luksmeta-devel-9-7.oe2403sp2.aarch64.rpm"
]
}openEuler:24.03-LTS-SP1
luksmeta
Package
- Name
- luksmeta
- Purl
- pkg:rpm/openEuler/luksmeta&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9-7.oe2403sp1
Ecosystem specific
{
"x86_64": [
"luksmeta-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2403sp1.x86_64.rpm",
"luksmeta-devel-9-7.oe2403sp1.x86_64.rpm"
],
"src": [
"luksmeta-9-7.oe2403sp1.src.rpm"
],
"noarch": [
"luksmeta-help-9-7.oe2403sp1.noarch.rpm"
],
"aarch64": [
"luksmeta-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2403sp1.aarch64.rpm",
"luksmeta-devel-9-7.oe2403sp1.aarch64.rpm"
]
}openEuler:24.03-LTS-SP2
luksmeta
Package
- Name
- luksmeta
- Purl
- pkg:rpm/openEuler/luksmeta&distro=openEuler-24.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9-7.oe2403sp2
Ecosystem specific
{
"x86_64": [
"luksmeta-9-7.oe2403sp2.x86_64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp2.x86_64.rpm",
"luksmeta-debugsource-9-7.oe2403sp2.x86_64.rpm",
"luksmeta-devel-9-7.oe2403sp2.x86_64.rpm"
],
"src": [
"luksmeta-9-7.oe2403sp2.src.rpm"
],
"noarch": [
"luksmeta-help-9-7.oe2403sp2.noarch.rpm"
],
"aarch64": [
"luksmeta-9-7.oe2403sp2.aarch64.rpm",
"luksmeta-debuginfo-9-7.oe2403sp2.aarch64.rpm",
"luksmeta-debugsource-9-7.oe2403sp2.aarch64.rpm",
"luksmeta-devel-9-7.oe2403sp2.aarch64.rpm"
]
}