CVE-2025-11568 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-11568 Interim 1 2 2025-12-23T00:49:33Z current 2025-11-01T00:59:49Z 2025-12-23T00:49:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-11568 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-December/002285.html E-Mail link for RHSA-2025:23086 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 libluksmeta-9-4.el8_10.1 libluksmeta-devel-9-4.el8_10.1 luksmeta-9-4.el8_10.1 libluksmeta-9-4.el8_10.1 as a component of SUSE Liberty Linux 8 libluksmeta-devel-9-4.el8_10.1 as a component of SUSE Liberty Linux 8 luksmeta-9-4.el8_10.1 as a component of SUSE Liberty Linux 8 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue. CVE-2025-11568 SUSE Liberty Linux 8:libluksmeta-9-4.el8_10.1 SUSE Liberty Linux 8:libluksmeta-devel-9-4.el8_10.1 SUSE Liberty Linux 8:luksmeta-9-4.el8_10.1 moderate