Main Vulnerability Database SB2025111736

SB2025111736 - Fedora 42 update for luksmeta

Published: November 17, 2025

Security Bulletin ID SB2025111736

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2025-11568)

The vulnerability allows a local user to corrupt stored information.

The vulnerability exists due to insufficient input validation in the luksmeta utility when used with the LUKS1 disk encryption format. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data.. A local user can write a large amount of metadata to an encrypted device and cause permanent loss of the stored information.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2025-457000540a