CVE-2024-11614 : An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum o

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

Published 2024-12-18 08:30:50

Updated 2025-04-17 01:15:45

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2024-11614

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-11614

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-11614

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.4	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	N/A	N/A	Red Hat, Inc.	2024-12-18
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High
7.4	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	2.8	4.0	Red Hat, Inc.	2024-12-18
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-11614

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.
Assigned by:
- 53f830b8-0a3f-465b-8143-3b8a9948e749 (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2024-11614

https://access.redhat.com/errata/RHSA-2025:0211

RHSA-2025:0211 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2025:3964
https://bugzilla.redhat.com/show_bug.cgi?id=2327955

2327955 – (CVE-2024-11614) CVE-2024-11614 dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
https://access.redhat.com/errata/RHSA-2025:0222

RHSA-2025:0222 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2025:0208

RHSA-2025:0208 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2025:3970
https://access.redhat.com/errata/RHSA-2025:0209

RHSA-2025:0209 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2024-11614

CVE-2024-11614 - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2025:0220

RHSA-2025:0220 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2025:3963
https://access.redhat.com/errata/RHSA-2025:0221

RHSA-2025:0221 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2025:3965
http://www.openwall.com/lists/oss-security/2024/12/17/3

oss-security - CVE-2024-11614: DPDK Vhost Rx checksum vulnerability
https://access.redhat.com/errata/RHSA-2025:0210

RHSA-2025:0210 - Security Advisory - Red Hat Customer Portal

Jump to

Vulnerability Details : CVE-2024-11614

Products affected by CVE-2024-11614

Exploit prediction scoring system (EPSS) score for CVE-2024-11614

CVSS scores for CVE-2024-11614

CWE ids for CVE-2024-11614

References for CVE-2024-11614