CVE-2025-11568
Luksmeta: data corruption when handling luks1 partitions with luksmeta
CVSS Score
4.4
EPSS Score
0.0%
EPSS Percentile
0th
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.
| CWE | CWE-1284 |
| Vendor | latchset |
| Product | luksmeta |
| Published | Oct 15, 2025 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for latchset luksmeta
Be the first to know when new medium vulnerabilities affecting latchset luksmeta are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Affected Versions
Latchset / luksmeta
0 < 10
Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected