CVE-2025-11568
MEDIUMLatchset luksmeta - Data Corruption via Metadata Overflow in LUKS1 Format
Title source: llmDescription
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23086
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:18421
https://access.redhat.com/errata/RHSA-2026:18421
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:18824
https://access.redhat.com/errata/RHSA-2026:18824
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-11568
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2404244
Scores
CVSS v3
4.4
EPSS
0.0009
EPSS Percentile
0.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1284
Status
published
Products (8)
Latchset/luksmeta
< 10
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10
0:10-1.el10
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:9-4.el8_10.1
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Enterprise Linux 9
0:10-1.el9
Red Hat/Red Hat OpenShift Container Platform 4
Published
Oct 15, 2025
Tracked Since
Feb 18, 2026