Vulnerability DatabaseCVE-2024-11614
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-11614
December 18, 2024
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
Related Resources (14)
https://access.redhat.com/errata/RHSA-2025:0222
https://access.redhat.com/errata/RHSA-2025:3965
https://access.redhat.com/errata/RHSA-2025:0209
https://access.redhat.com/errata/RHSA-2025:3963
https://access.redhat.com/errata/RHSA-2025:0208
https://bugzilla.redhat.com/show_bug.cgi?id=2327955
https://access.redhat.com/errata/RHSA-2025:0221
https://access.redhat.com/errata/RHSA-2025:0211
https://access.redhat.com/errata/RHSA-2025:0210
https://access.redhat.com/errata/RHSA-2025:3964
https://access.redhat.com/errata/RHSA-2025:3970
https://access.redhat.com/security/cve/CVE-2024-11614
http://www.openwall.com/lists/oss-security/2024/12/17/3
https://access.redhat.com/errata/RHSA-2025:0220
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
HIGH
CVSS v3
Base Score:
7.4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.21