Red Hat luksmeta Utility Data Corruption Vulnerability in LUKS1 Encryption

Vulnerability

A data corruption vulnerability exists in the luksmeta utility when applied to devices using the LUKS1 disk encryption format. This issue arises because the utility improperly validates the available space, allowing an attacker with the necessary permissions to write excessive metadata that overwrites and corrupts the user's encrypted data. As a result, the stored information is permanently lost. This vulnerability does not affect devices encrypted with LUKS formats other than LUKS1.
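The space validation described above, as an added example (not luksmeta's own code). It parses a LUKS1 header following the published LUKS1 on-disk format and assumes metadata is placed in the gap between the last key slot's key material and the encrypted payload. The function names and the sample header are constructed for illustration.

```python
import struct

SECTOR = 512
LUKS1_MAGIC = b"LUKS\xba\xbe"
SLOTS, SLOT_OFF, SLOT_LEN = 8, 208, 48  # LUKS1 phdr: 8 key slots start at byte 208


def luks1_gap(header: bytes):
    """Return (gap_start, gap_end) in bytes: the region after the last key
    slot's key material and before the encrypted payload."""
    if header[:6] != LUKS1_MAGIC:
        raise ValueError("not a LUKS header")
    (version,) = struct.unpack_from(">H", header, 6)
    if version != 1:
        raise ValueError("not LUKS1; this check only applies to LUKS1")
    payload_off, key_bytes = struct.unpack_from(">II", header, 104)
    end = 0
    for i in range(SLOTS):
        # slot layout: active, iterations, salt[32], key-material-offset, stripes
        km_off, stripes = struct.unpack_from(">II", header, SLOT_OFF + i * SLOT_LEN + 40)
        km_sectors = -(-key_bytes * stripes // SECTOR)  # ceiling division
        end = max(end, km_off + km_sectors)
    return end * SECTOR, payload_off * SECTOR


def write_fits(header: bytes, offset: int, length: int) -> bool:
    """Bounds check: a write at `offset` (relative to gap start) must end before the payload."""
    start, stop = luks1_gap(header)
    return offset >= 0 and length >= 0 and start + offset + length <= stop


def sample_header(key_bytes=32, stripes=4000, payload_off=4096):
    """Constructed LUKS1 header (not from a real device) with typical values."""
    h = bytearray(592)
    h[:6] = LUKS1_MAGIC
    struct.pack_into(">H", h, 6, 1)
    struct.pack_into(">II", h, 104, payload_off, key_bytes)
    for i in range(SLOTS):
        struct.pack_into(">II", h, SLOT_OFF + i * SLOT_LEN + 40, 8 + i * 256, stripes)
    return bytes(h)


if __name__ == "__main__":
    hdr = sample_header()
    start, stop = luks1_gap(hdr)
    print(f"gap: {stop - start} bytes; 4 KiB write fits: {write_fits(hdr, 0, 4096)}")
```

A write for which `write_fits` returns False would extend into the encrypted payload, which is the data loss this entry describes.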

Impact

Exploitation of this vulnerability leads to permanent data loss by overwriting encrypted information on the affected device.

Added: Oct 15, 2025, 8:27 PM
Updated: Oct 15, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 2.8
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.