CVE-2025-11568
BaseFortify
Publication date: 2025-10-15
Last updated on: 2026-03-19
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | luksmeta | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a data corruption issue in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker who has the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility does not properly check if there is enough space, causing the metadata to overwrite and corrupt the user's encrypted data, resulting in permanent data loss. Other LUKS formats besides LUKS1 are not affected.
How can this vulnerability impact me?
If exploited, this vulnerability can cause permanent loss of encrypted data on devices using the LUKS1 format. An attacker with the required permissions can corrupt the stored information by overwriting it with excessive metadata, leading to data corruption and loss.