CVE-2025-11568

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions luksmeta (affected versions not specified)

Description A data corruption issue exists in the luksmeta utility when operating with the LUKS1 disk encryption format. An attacker possessing appropriate permissions can trigger this flaw by writing a substantial amount of metadata to an encrypted device. The utility does not properly validate available space, resulting in metadata overwriting and corrupting user data, leading to permanent data loss. Devices utilizing LUKS formats other than LUKS1 are not susceptible to this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1284

Related Identifiers

ALSA-2025:23086

ALSA-2026:18421

ALSA-2026:18824

ALT-PU-2025-13907

ALT-PU-2025-14080

AZL-72866

CVE-2025-11568

OESA-2025-2688

RHSA-2025:23086

RHSA-2026:18421

RHSA-2026:18824

Affected Products

Alt Linux

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Luksmeta

CVE-2025-11568

Weakness Enumeration

Related Identifiers

Affected Products

References · 30