What is GHSA-pvmm-7c2r-wmp4?

GHSA-pvmm-7c2r-wmp4 is a security advisory published by GitHub Security Advisories with Medium severity. A data corruption vulnerability has been identified in the luksmeta utility when used with the...

Which CVE IDs does GHSA-pvmm-7c2r-wmp4 cover?

GHSA-pvmm-7c2r-wmp4 covers the following CVE IDs: CVE-2025-11568. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-pvmm-7c2r-wmp4?

GHSA-pvmm-7c2r-wmp4 has a CVSS v3 base score of 4.4, published by GitHub Security Advisories.

GHSA-pvmm-7c2r-wmp4MediumCVSS 4.4

A data corruption vulnerability has been identified in the luksmeta utility when used with the...

Vendor

GitHub Security Advisories

Published

October 15, 2025

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2025-11568 →

📋 Description

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2025-11568
https://access.redhat.com/security/cve/CVE-2025-11568
https://bugzilla.redhat.com/show_bug.cgi?id=2404244
https://access.redhat.com/errata/RHSA-2025:23086
https://github.com/latchset/luksmeta/pull/16
https://access.redhat.com/errata/RHSA-2026:18421
https://access.redhat.com/errata/RHSA-2026:18824
https://github.com/advisories/GHSA-pvmm-7c2r-wmp4