Out-of-Bounds Read Vulnerability in DPDK's Vhost Library

CVE-2024-11614

Currently unrated

Key Information

Vendor: Intel
CVE Published: 18 December 2024

Summary

CVE-2024-11614 is a critical out-of-bounds read vulnerability in the Vhost library of DPDK, specifically affecting its checksum offload feature. It permits an untrusted or compromised virtual machine (VM) to manipulate the hypervisor's virtual switch (vSwitch) by forging Virtio descriptors, potentially leading to unauthorized out-of-bounds reads and subsequent crashes. An attacker can exploit this flaw by sending a crafted packet containing a transmit (Tx) checksum offload request along with an invalid checksum start offset. Organizations relying on DPDK for high-performance networking must take immediate action to apply security patches and safeguard their systems against this serious threat.
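The kind of bounds check this class of bug calls for, as an added example (not DPDK's code or its patch): a guest-supplied checksum start and offset are validated against the packet length before a software checksum touches the buffer. The struct, constant and function names are hypothetical; the field names follow the virtio-net header in the virtio specification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; fields mirror the virtio-net header in the virtio spec. */
#define VNET_HDR_F_NEEDS_CSUM 1u

struct vnet_hdr {
    uint8_t  flags;
    uint8_t  gso_type;
    uint16_t hdr_len;
    uint16_t gso_size;
    uint16_t csum_start;  /* guest-supplied: first byte to checksum */
    uint16_t csum_offset; /* guest-supplied: result position after csum_start */
};

/* True when the 2-byte checksum field lies entirely inside the packet. */
bool csum_request_in_bounds(const struct vnet_hdr *hdr, size_t pkt_len)
{
    if (!(hdr->flags & VNET_HDR_F_NEEDS_CSUM))
        return true; /* no offload requested, offsets are ignored */
    /* Add in size_t rather than a narrow type so the sum cannot wrap. */
    size_t field_end = (size_t)hdr->csum_start + hdr->csum_offset + sizeof(uint16_t);
    return field_end <= pkt_len;
}

/* Software Tx checksum. Returns -1 (drop the packet) on an out-of-range request. */
int apply_tx_csum(const struct vnet_hdr *hdr, uint8_t *pkt, size_t pkt_len)
{
    if (!csum_request_in_bounds(hdr, pkt_len))
        return -1;
    if (!(hdr->flags & VNET_HDR_F_NEEDS_CSUM))
        return 0;
    uint32_t sum = 0;
    size_t i = hdr->csum_start;
    for (; i + 1 < pkt_len; i += 2)          /* 16-bit one's-complement sum */
        sum += ((uint32_t)pkt[i] << 8) | pkt[i + 1];
    if (i < pkt_len)                         /* odd trailing byte */
        sum += (uint32_t)pkt[i] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    uint16_t csum = (uint16_t)~sum;
    size_t pos = (size_t)hdr->csum_start + hdr->csum_offset;
    pkt[pos] = (uint8_t)(csum >> 8);
    pkt[pos + 1] = (uint8_t)(csum & 0xff);
    return 0;
}
```
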

References

Timeline

  • Vulnerability published

Collectors

NVD Database