CVE-2024-11614 — Out-of-bounds Read in Dpdk

CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 57.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Debian Dpdk Msrc Azure Linux 3.0 ARM +1 more

Timeline

PublishedDec 18

Latest updateDec 19

Description

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages4 packages

▶debiandebian/dpdk< dpdk 22.11.7-1~deb12u1 (bookworm)

▶Debiandpdk/dpdk< 22.11.7-1~deb12u1+2

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

🔴Vulnerability Details

GHSA

GHSA-hc38-wh54-qgvx: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature↗2024-12-18

▶

OSV

CVE-2024-11614: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature↗2024-12-18

▶

CVEList

Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library↗2024-12-18

▶

📋Vendor Advisories

Ubuntu

DPDK vulnerability↗2024-12-19

▶

Red Hat

dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library↗2024-12-17

▶

Microsoft

CVE-2024-11614: NIST NVD Details: https://nvd↗2024-12-10

▶

Debian

CVE-2024-11614: dpdk - An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum o...↗2024

▶