CVE & CISA-KEV Catalog

CVE-2025-11568

MEDIUM
4.4
CVSS v3
NVD

Description

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

How to fix

Remediation Available
luksmetaDebian
Fixed in:9-4+deb12u1CVE-2025-11568
Fixed in:9-4+deb13u1CVE-2025-11568
Fixed in:10-1CVE-2025-11568
libluksmetaRocky
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
libluksmetaRed Hat / RHEL
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
libluksmeta-debuginfoRed Hat / RHEL
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
libluksmeta-debuginfoRocky
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
libluksmeta-develRed Hat / RHEL
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
libluksmeta-develRocky
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
luksmetaRed Hat / RHEL
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
luksmetaRocky
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
luksmeta-debuginfoRocky
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
luksmeta-debuginfoRed Hat / RHEL
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
luksmeta-debugsourceRed Hat / RHEL
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
luksmeta-debugsourceRocky
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:10-1.el10RHSA-2026:18421
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:9-4.el8_10.1RHSA-2025:23086
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824
Fixed in:0:10-1.el9RHSA-2026:18824

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityHigh
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploit Intelligence

0.09%probability of exploitation in 30 days
1stpercentile

Low risk: more likely to be exploited than 1% of all known CVEs.

References

Related Vulnerabilities

Other CWE-1284 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2022-20699Critical10.072%KEV-
CVE-2021-43267Critical9.858%-Fix
CVE-2022-31629Medium6.549%-Fix
CVE-2025-9316Unscored-37%--
CVE-2022-36620High7.523%--
CVE-2008-1440High7.123%--
Embed a live status badge for CVE-2025-11568
CVE-2025-11568 severity badge

Markdown

[![CVE-2025-11568](https://tridentstack.com/cve/badge/CVE-2025-11568.svg)](https://tridentstack.com/cve/CVE-2025-11568)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-11568"><img src="https://tridentstack.com/cve/badge/CVE-2025-11568.svg" alt="CVE-2025-11568"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-30.