CVE-2024-11614

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11614

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11614.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-11614

Related

Published

2024-12-18T09:15:06Z

Modified

2025-01-09T21:45:40.814941Z

Summary

[none]

Details

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

References

Affected packages

Debian:12 / dpdk

Package

Name: dpdk
Purl: pkg:deb/debian/dpdk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.11.7-1~deb12u1

Affected versions

22.*

22.11.1-2

22.11.2-1

22.11.2-2~deb12u1

22.11.2-2

22.11.2-3

22.11.3-1~deb12u1

22.11.3-1

22.11.3-2

22.11.4-1~deb12u1

22.11.5-1~deb12u1

22.11.6-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dpdk

Package

Name: dpdk
Purl: pkg:deb/debian/dpdk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.11.1-1

Affected versions

22.*

22.11.1-2

22.11.2-1

22.11.2-2~deb12u1

22.11.2-2

22.11.2-3

22.11.3-1~deb12u1

22.11.3-1

22.11.3-2

22.11.4-1~deb12u1

22.11.5-1~deb12u1

22.11.6-1~deb12u1

22.11.7-1~deb12u1

23.*

23.11-1~exp1

23.11-1

23.11.1-1

23.11.1-2

23.11.2-1

23.11.2-1+exp1

23.11.2-1+exp2

23.11.2-1+exp3

23.11.2-1+exp4

23.11.2-2

23.11.2-3

24.*

24.11~rc2-1

24.11~rc2-2

24.11~rc3-1

24.11~rc4-1

24.11-1

24.11-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}