CVE-2024-11614
CVSS 3.0 Score 7.4 of 10 (high)
Details
Summary
CVE-2024-11614 is an out-of-bounds read vulnerability in the checksum offload feature of the Data Plane Development Kit (DPDK) Vhost library. A malicious guest, or one compromised by an attacker, can exploit this issue by forging Virtio descriptors, which leads to crashes in the hypervisor's vSwitch. By sending a packet with an invalid csum_start offset together with a Tx checksum offload request, an attacker can cause the vhost-user side to crash, potentially leading to denial-of-service conditions or more serious consequences. This vulnerability underscores the importance of timely software updates and robust guest isolation to prevent unauthorized access and potential system instability.
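The class of check that keeps a guest-supplied csum_start inside the packet, as an added example that is not DPDK's code or its actual fix. The header fields follow the virtio specification; complete_tx_csum and inet_csum are hypothetical helper names, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Header layout per the virtio spec; fields are held in host byte order here. */
struct virtio_net_hdr {
    uint8_t flags, gso_type;
    uint16_t hdr_len, gso_size, csum_start, csum_offset;
};
#define VIRTIO_NET_HDR_F_NEEDS_CSUM 1

/* Ones'-complement checksum over buf[0..len), as used by TCP and UDP. */
static uint16_t inet_csum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1)
        sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper: returns 0 to forward the packet, -1 to drop it. */
static int complete_tx_csum(const struct virtio_net_hdr *hdr, uint8_t *pkt, size_t pkt_len)
{
    if (!(hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM))
        return 0; /* no offload requested, the offsets are never used */
    size_t field = (size_t)hdr->csum_start + hdr->csum_offset;
    /* Drop unless the start and the 2-byte checksum field both lie inside the packet. */
    if (hdr->csum_start >= pkt_len || field > pkt_len || pkt_len - field < 2)
        return -1;
    uint16_t c = inet_csum(pkt + hdr->csum_start, pkt_len - hdr->csum_start);
    pkt[field] = (uint8_t)(c >> 8);
    pkt[field + 1] = (uint8_t)(c & 0xff);
    return 0;
}

int main(void)
{
    uint8_t pkt[8] = {0, 0, 0x12, 0x34, 0, 0, 0, 0}; /* constructed sample */
    struct virtio_net_hdr ok = {.flags = 1, .csum_start = 2, .csum_offset = 4};
    struct virtio_net_hdr bad = {.flags = 1, .csum_start = 100, .csum_offset = 4};
    printf("valid: %d, forged: %d\n", complete_tx_csum(&ok, pkt, 8), complete_tx_csum(&bad, pkt, 8));
    return 0;
}
```

Without the bounds test, inet_csum would be handed a pointer past the end of the buffer and a length that has wrapped around, which is the out-of-bounds read pattern the summary describes.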