CVE-2024-11614

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11614

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11614.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-11614

Downstream

DEBIAN-CVE-2024-11614

DSA-5833-1

OESA-2024-2599

OESA-2025-1001

OESA-2025-1002

OESA-2025-1003

OESA-2025-1029

RHSA-2025:0208

RHSA-2025:0209

RHSA-2025:0210

RHSA-2025:0211

RHSA-2025:0220

RHSA-2025:0221

RHSA-2025:0222

RHSA-2025:3963

RHSA-2025:3964

RHSA-2025:3965

RHSA-2025:3970

SUSE-SU-2025:0018-1

UBUNTU-CVE-2024-11614

USN-7178-1

openSUSE-SU-2025:14631-1

Related

Published

2024-12-18T09:15:06Z

Modified

2025-08-09T20:01:25Z

Summary

[none]

Details

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

References

Affected packages