CVE-2024-11614 - Vulnerability Details

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Openshift Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Fast Datapath for Red Hat Enterprise Linux 8
openvswitch3.1-0:3.1.0-159.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:3970	2025-04-17T00:00:00Z
Fast Datapath for Red Hat Enterprise Linux 9
openvswitch3.1-0:3.1.0-149.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:3963	2025-04-17T00:00:00Z
openvswitch3.3-0:3.3.0-92.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:3964	2025-04-17T00:00:00Z
openvswitch3.4-0:3.4.0-48.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:3965	2025-04-17T00:00:00Z
Red Hat Enterprise Linux 8
dpdk-0:23.11-2.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:0222	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
dpdk-0:21.11-3.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:0221	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
dpdk-0:21.11-3.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:0221	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
dpdk-0:21.11-3.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:0221	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
dpdk-0:21.11-4.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:0220	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 9
dpdk-2:23.11-2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0210	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
dpdk-2:21.11-3.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:0211	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
dpdk-2:22.11-4.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:0208	2025-01-09T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
dpdk-2:23.11-2.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:0209	2025-01-09T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/12/17/3
https://access.redhat.com/errata/RHSA-2025:0208
https://access.redhat.com/errata/RHSA-2025:0209
https://access.redhat.com/errata/RHSA-2025:0210
https://access.redhat.com/errata/RHSA-2025:0211
https://access.redhat.com/errata/RHSA-2025:0220
https://access.redhat.com/errata/RHSA-2025:0221
https://access.redhat.com/errata/RHSA-2025:0222
https://access.redhat.com/errata/RHSA-2025:3963
https://access.redhat.com/errata/RHSA-2025:3964
https://access.redhat.com/errata/RHSA-2025:3965
https://access.redhat.com/errata/RHSA-2025:3970
https://access.redhat.com/security/cve/CVE-2024-11614
https://bugzilla.redhat.com/show_bug.cgi?id=2327955
https://nvd.nist.gov/vuln/detail/CVE-2024-11614
https://www.cve.org/CVERecord?id=CVE-2024-11614

History

Thu, 17 Apr 2025 01:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:3964 https://access.redhat.com/errata/RHSA-2025:3965 https://access.redhat.com/errata/RHSA-2025:3970

Thu, 17 Apr 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:3963

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.6

Thu, 09 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
References		https://access.redhat.com/errata/RHSA-2025:0211

Thu, 09 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:0220 https://access.redhat.com/errata/RHSA-2025:0221 https://access.redhat.com/errata/RHSA-2025:0222

Thu, 09 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:0208 https://access.redhat.com/errata/RHSA-2025:0209 https://access.redhat.com/errata/RHSA-2025:0210

Wed, 18 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Dec 2024 09:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2024/12/17/3

Wed, 18 Dec 2024 08:45:00 +0000

Type	Values Removed	Values Added
Title	dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library	Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7::fastdatapath cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8::fastdatapath cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9::fastdatapath
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2024-11614 https://bugzilla.redhat.com/show_bug.cgi?id=2327955

Wed, 18 Dec 2024 01:45:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
Title		dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
Weaknesses		CWE-125
References		https://nvd.nist.gov/vuln/detail/CVE-2024-11614 https://www.cve.org/CVERecord?id=CVE-2024-11614
Metrics	threat_severity `None`	cvssV3_0 `{'score': 7.4, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-12-18T08:30:49.729Z

Updated: 2025-04-17T00:31:34.768Z

Reserved: 2024-11-22T04:21:45.124Z

Link: CVE-2024-11614

Vulnrichment

Updated: 2024-12-18T09:03:01.520Z

NVD

Status : Awaiting Analysis

Published: 2024-12-18T09:15:06.660

Modified: 2025-04-17T01:15:45.350

Link: CVE-2024-11614

Redhat

Severity : Important

Publid Date: 2024-12-17T00:00:00Z

Links: CVE-2024-11614 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11614", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-11-22T04:21:45.124Z", "datePublished": "2024-12-18T08:30:49.729Z", "dateUpdated": "2025-04-17T00:31:34.768Z"}, "containers": {"cna": {"title": "Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset."}], "affected": [{"versions": [{"status": "affected", "version": "21.05", "lessThan": "21.11-4", "versionType": "semver"}], "packageName": "dpdk", "collectionURL": "https://git.dpdk.org/dpdk-stable/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.1", "defaultStatus": "affected", "versions": [{"version": "0:3.1.0-159.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.1", "defaultStatus": "affected", "versions": [{"version": "0:3.1.0-149.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.3", "defaultStatus": "affected", "versions": [{"version": "0:3.3.0-92.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.4", "defaultStatus": "affected", "versions": [{"version": "0:3.4.0-48.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "0:23.11-2.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "0:21.11-3.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "0:21.11-3.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "0:21.11-3.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "0:21.11-4.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "2:23.11-2.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "2:21.11-3.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "2:22.11-4.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "affected", "versions": [{"version": "2:23.11-2.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "dpdk", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.10", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.11", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.12", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.11", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.12", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.13", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.15", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.16", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.17", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.17", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.0", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch2.17", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.0", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openvswitch3.1", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:0208", "name": "RHSA-2025:0208", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0209", "name": "RHSA-2025:0209", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0210", "name": "RHSA-2025:0210", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0211", "name": "RHSA-2025:0211", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0220", "name": "RHSA-2025:0220", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0221", "name": "RHSA-2025:0221", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0222", "name": "RHSA-2025:0222", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3963", "name": "RHSA-2025:3963", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3964", "name": "RHSA-2025:3964", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3965", "name": "RHSA-2025:3965", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3970", "name": "RHSA-2025:3970", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-11614", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327955", "name": "RHBZ#2327955", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-12-17T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "timeline": [{"lang": "en", "time": "2024-11-22T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-12-17T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-04-17T00:31:34.768Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/12/17/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-18T09:03:01.520Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-18T14:47:13.057559Z", "id": "CVE-2024-11614", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:48:14.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/12/17/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-18T09:03:01.520Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11614", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-18T14:47:13.057559Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:47:18.806Z"}}], "cna": {"title": "Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "21.05", "lessThan": "21.11-4", "versionType": "semver"}], "packageName": "dpdk", "collectionURL": "https://git.dpdk.org/dpdk-stable/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:3.1.0-159.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "openvswitch3.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:3.1.0-149.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "openvswitch3.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:3.3.0-92.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "openvswitch3.3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:3.4.0-48.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "openvswitch3.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:23.11-2.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:21.11-3.el8_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:21.11-3.el8_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:21.11-3.el8_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:21.11-4.el8_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "2:23.11-2.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "2:21.11-3.el9_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "2:22.11-4.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "2:23.11-2.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "dpdk", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "openvswitch", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "openvswitch2.10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "openvswitch2.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "openvswitch2.12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "packageName": "openvswitch2.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "packageName": "openvswitch2.12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "packageName": "openvswitch2.13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "packageName": "openvswitch2.15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "packageName": "openvswitch2.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "packageName": "openvswitch2.17", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "packageName": "openvswitch2.17", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "packageName": "openvswitch3.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "packageName": "openvswitch3.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openvswitch2.17", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openvswitch3.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openvswitch3.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-11-22T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-12-17T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-12-17T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:0208", "name": "RHSA-2025:0208", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0209", "name": "RHSA-2025:0209", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0210", "name": "RHSA-2025:0210", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0211", "name": "RHSA-2025:0211", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0220", "name": "RHSA-2025:0220", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0221", "name": "RHSA-2025:0221", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0222", "name": "RHSA-2025:0222", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3963", "name": "RHSA-2025:3963", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3964", "name": "RHSA-2025:3964", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3965", "name": "RHSA-2025:3965", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3970", "name": "RHSA-2025:3970", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-11614", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327955", "name": "RHBZ#2327955", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-04-17T00:31:34.768Z"}, "x_redhatCweChain": "CWE-125: Out-of-bounds Read"}}, "cveMetadata": {"cveId": "CVE-2024-11614", "state": "PUBLISHED", "dateUpdated": "2025-04-17T00:31:34.768Z", "dateReserved": "2024-11-22T04:21:45.124Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-12-18T08:30:49.729Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en la funci\u00f3n de descarga de suma de comprobaci\u00f3n de la librer\u00eda DPDK's Vhost. Este problema permite que un invitado no confiable o comprometido bloquee el vSwitch del hipervisor falsificando descriptores Virtio para provocar lecturas fuera de los l\u00edmites. Esta falla permite que un atacante con una m\u00e1quina virtual maliciosa que utilice un controlador Virtio haga que el lado del usuario vhost se bloquee enviando un paquete con una solicitud de descarga de suma de comprobaci\u00f3n Tx y un desplazamiento csum_start no v\u00e1lido."}], "id": "CVE-2024-11614", "lastModified": "2025-04-17T01:15:45.350", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-12-18T09:15:06.660", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0208"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0209"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0210"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0211"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0220"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0221"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0222"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3963"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3964"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3965"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3970"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-11614"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/12/17/3"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3970", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch3.1-0:3.1.0-159.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-04-17T00:00:00Z"}, {"advisory": "RHSA-2025:3963", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch3.1-0:3.1.0-149.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-04-17T00:00:00Z"}, {"advisory": "RHSA-2025:3964", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch3.3-0:3.3.0-92.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-04-17T00:00:00Z"}, {"advisory": "RHSA-2025:3965", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch3.4-0:3.4.0-48.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-04-17T00:00:00Z"}, {"advisory": "RHSA-2025:0222", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dpdk-0:23.11-2.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0221", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "dpdk-0:21.11-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0221", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "dpdk-0:21.11-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0221", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "dpdk-0:21.11-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0220", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "dpdk-0:21.11-4.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0210", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dpdk-2:23.11-2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0211", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "dpdk-2:21.11-3.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0208", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "dpdk-2:22.11-4.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0209", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "dpdk-2:23.11-2.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}], "bugzilla": {"description": "dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library", "id": "2327955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327955"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.", "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset."], "name": "CVE-2024-11614", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "dpdk", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.10", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.13", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.15", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.16", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.17", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.17", "product_name": "Fast Datapath for RHEL 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch3.0", "product_name": "Fast Datapath for RHEL 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch3.2", "product_name": "Fast Datapath for RHEL 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch2.17", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch3.0", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch3.1", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-12-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11614\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11614"], "statement": "Affected versions are only vulnerable if the Vhost-based application registers devices with the RTE_VHOST_USER_NET_COMPLIANT_OL_FLAGS flag.\nOVS-DPDK uses the DPDK Vhost library but does not pass this flag, so it is affected but not vulnerable.", "threat_severity": "Important"}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object