216.73.217.64

CVE-2025-11568

· Published 15/10/2025 20:15 · Modified 15/10/2025 20:15

Labels: CVE-2025-11568 2025-10-15CVE-2025-11568CWE-1284[email protected]

Essential information

Published
15/10/2025 20:15
Modified
15/10/2025 20:15
Author
Creator
CVSS
4.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cryptsetup / luksmeta cpe:2.3:a:cryptsetup:luksmeta:*:*:*:*:*:*:*:*
cryptsetup / luks1 cpe:2.3:a:cryptsetup:luks1:*:*:*:*:*:*:*:*

References