AZL-54455

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54455.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-54455

Upstream

CVE-2024-11614

Published

2024-12-18T09:15:06Z

Modified

2026-04-01T05:18:17.423348Z

Summary

CVE-2024-11614 affecting package dpdk for versions less than 23.11.3-1

Details

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11614

Affected packages

Azure Linux:3 / dpdk

Package

Name: dpdk
Purl: pkg:rpm/azure-linux/dpdk

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.11.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54455.json"