CVE-2024-11614

Published: Dec 18, 2024

Modified: Nov 20, 2025

Status: PUBLISHED

CVSS v3.0: 7.4 HIGH

Description

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

Vendor | Product | Versions
Unknown | dpdk | affected 21.05 - < 21.11-4
Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | unaffected 0:3.1.0-159.el8fdp - < *
Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | unaffected 0:3.1.0-149.el9fdp - < *
Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | unaffected 0:3.3.0-92.el9fdp - < *
Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | unaffected 0:3.4.0-48.el9fdp - < *
Red Hat | Red Hat Enterprise Linux 8 | unaffected 0:23.11-2.el8_10 - < *
Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | unaffected 0:21.11-3.el8_6 - < *
Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | unaffected 0:21.11-3.el8_6 - < *
Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | unaffected 0:21.11-3.el8_6 - < *
Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | unaffected 0:21.11-4.el8_8 - < *
Red Hat | Red Hat Enterprise Linux 9 | unaffected 2:23.11-2.el9_5 - < *
Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | unaffected 2:21.11-3.el9_0 - < *
Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | unaffected 2:22.11-4.el9_2 - < *
Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | unaffected 2:23.11-2.el9_4 - < *
Red Hat | Fast Datapath for RHEL 7 | All versions
Red Hat | Fast Datapath for RHEL 8 | All versions
Red Hat | Fast Datapath for RHEL 9 | All versions
Red Hat | Red Hat OpenShift Container Platform 4 | All versions

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High

References

RHSA-2025:0208 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:0209 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:0210 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:0211 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:0220 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:0221 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:0222 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:3963 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:3964 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:3965 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:3970 (vendor-advisory, x_refsource_REDHAT)
RHBZ#2327955 (issue-tracking, x_refsource_REDHAT)
