CVE-2024-11614

CVE Database · CVE-2024-11614

CVE-2024-11614

· N/ADeferred

CVSS v3.1

N/A

EPSS

0.55%

Published

Dec 18, 2024

Modified

Apr 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

Weaknesses (CWE)

CWE-125

References (14)

https://access.redhat.com/errata/RHSA-2025:0208

https://access.redhat.com/errata/RHSA-2025:0209

https://access.redhat.com/errata/RHSA-2025:0210

https://access.redhat.com/errata/RHSA-2025:0211

https://access.redhat.com/errata/RHSA-2025:0220

https://access.redhat.com/errata/RHSA-2025:0221

https://access.redhat.com/errata/RHSA-2025:0222

https://access.redhat.com/errata/RHSA-2025:3963

https://access.redhat.com/errata/RHSA-2025:3964

https://access.redhat.com/errata/RHSA-2025:3965

https://access.redhat.com/errata/RHSA-2025:3970

https://access.redhat.com/security/cve/CVE-2024-11614

KEV Catalog EPSS Scores Vendors All CVEs