CVE-2024-11614

Jan. 9, 2025, 7:15 p.m.

7.4
High

Description

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

Product(s) Impacted

Product Versions
DPDK

Weaknesses

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References

https://access.redhat.com/errata/RHSA-2025:0208
https://access.redhat.com/errata/RHSA-2025:0209
https://access.redhat.com/errata/RHSA-2025:0210
https://access.redhat.com/errata/RHSA-2025:0211
https://access.redhat.com/errata/RHSA-2025:0220
https://access.redhat.com/errata/RHSA-2025:0221
https://access.redhat.com/errata/RHSA-2025:0222
https://access.redhat.com/security/cve/CVE-2024-11614
https://bugzilla.redhat.com/show_bug.cgi?id=2327955
http://www.openwall.com/lists/oss-security/2024/12/17/3

Tags

secalert@redhat.com
CWE-125
2024-12-18
CVE-2024-11614

CVSS Score

7.4 / 10

CVSS Data

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Date

  • Published: Dec. 18, 2024, 9:15 a.m.
  • Last Modified: Jan. 9, 2025, 7:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.