PT-2024-9748 · DPDK · DPDK's Vhost Library

Maxime Coquelin · Published 2024-11-28 · Updated 2025-12-30 · CVE-2024-11614

CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

DPDK's Vhost library (affected versions not specified)

Description

An out-of-bounds read issue was found in the checksum offload feature of DPDK's Vhost library. This allows an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors, causing out-of-bounds reads. An attacker with a malicious VM using a Virtio driver can crash the vhost-user side by sending a packet with a Tx checksum offload request and an invalid csum start offset.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALSA-2025:0210
ALSA-2025:0222
AZL-54455
BDU:2024-11484
CESA-2025_0222
CVE-2024-11614
DSA-5833-1
INFSA-2025_0210
INFSA-2025_0222
OESA-2024-2599
OESA-2025-1001
OESA-2025-1002
OESA-2025-1003
OESA-2025-1029
OPENSUSE-SU-2025:14631-1
OPENSUSE-SU-2025_0018-1
RHSA-2025:0208
RHSA-2025:0209
RHSA-2025:0210
RHSA-2025:0211
RHSA-2025:0220
RHSA-2025:0221
RHSA-2025:0222
RHSA-2025:3963
RHSA-2025:3964
RHSA-2025:3965
RHSA-2025:3970
RHSA-2025_0210
RHSA-2025_0222
RLSA-2025:0210
RLSA-2025:0222
SUSE-SU-2025:0018-1
SUSE-SU-2025_0018-1
SUSE-SU-2026:20036-1
SUSE-SU-2026:20055-1
USN-7178-1

Affected Products

AlmaLinux
CentOS
DPDK's Vhost Library
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu