{
  "document": {
    "aggregate_severity": {
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2025-11568: fix data corruption in luksmeta when writing metadata larger\n  than the gap between the LUKS1 header and encrypted data area; add upfront\n  size validation in find_gap() and a hard-limit boundary check inside\n  overlap() to prevent overrunning the gap and corrupting encrypted user data",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780411655",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780411655"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1780411655.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-02T14:48:51Z",
      "generator": {
        "date": "2026-06-02T14:48:51Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1780411655",
      "initial_release_date": "2026-06-02T14:48:51Z",
      "revision_history": [
        {
          "date": "2026-06-02T14:48:51Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "luksmeta: Fix of CVE-2025-11568"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
                "product": {
                  "name": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
                  "product_id": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libluksmeta-devel@9-12.el9_2.tuxcare.els1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
                "product": {
                  "name": "libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
                  "product_id": "libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libluksmeta@9-12.el9_2.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
                  "product_id": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libluksmeta-devel@9-12.el9_2.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
                  "product_id": "luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/luksmeta@9-12.el9_2.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
                  "product_id": "libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libluksmeta@9-12.el9_2.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686"
        },
        "product_reference": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64"
        },
        "product_reference": "libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64"
        },
        "product_reference": "luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libluksmeta-0:9-12.el9_2.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.i686"
        },
        "product_reference": "libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64"
        },
        "product_reference": "libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-11568",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "notes": [
        {
          "category": "description",
          "text": "A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This leads to permanent loss of the stored information. Devices using LUKS formats other than LUKS1 are not affected by this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
          "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
          "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11568"
        }
      ],
      "release_date": "2025-10-15T20:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-02T14:47:43.222976Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1780411655",
          "product_ids": [
            "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1780411655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:libluksmeta-0:9-12.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:libluksmeta-devel-0:9-12.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:luksmeta-0:9-12.el9_2.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}