7.4
CVE-2024-11614
- EPSS 0.3%
- Published 18.12.2024 09:15:06
- Last modified 17.04.2025 01:15:45
- Source secalert@redhat.com
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL: https://git.dpdk.org/dpdk-stable/

Package | Default Status | Version < | Version | Status |
---|---|---|---|---|
dpdk | unaffected | 21.11-4 | 21.05 | affected |

Vendor | Product | Default Status | Version < | Version | Status |
---|---|---|---|---|---|
Red Hat | Fast Datapath for Red Hat Enterprise Linux 8 | affected | * | 0:3.1.0-159.el8fdp | unaffected |
Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | affected | * | 0:3.1.0-149.el9fdp | unaffected |
Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | affected | * | 0:3.3.0-92.el9fdp | unaffected |
Red Hat | Fast Datapath for Red Hat Enterprise Linux 9 | affected | * | 0:3.4.0-48.el9fdp | unaffected |
Red Hat | Red Hat Enterprise Linux 8 | affected | * | 0:23.11-2.el8_10 | unaffected |
Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | affected | * | 0:21.11-3.el8_6 | unaffected |
Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | affected | * | 0:21.11-3.el8_6 | unaffected |
Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | affected | * | 0:21.11-3.el8_6 | unaffected |
Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | affected | * | 0:21.11-4.el8_8 | unaffected |
Red Hat | Red Hat Enterprise Linux 9 | affected | * | 2:23.11-2.el9_5 | unaffected |
Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | affected | * | 2:21.11-3.el9_0 | unaffected |
Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | affected | * | 2:22.11-4.el9_2 | unaffected |
Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | affected | * | 2:23.11-2.el9_4 | unaffected |
Red Hat | Fast Datapath for RHEL 7 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 7 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 7 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 7 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 7 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 8 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 8 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 8 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 8 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 8 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 8 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 9 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 9 | unaffected | | | |
Red Hat | Fast Datapath for RHEL 9 | unaffected | | | |
Red Hat | Red Hat OpenShift Container Platform 4 | unaffected | | | |
Red Hat | Red Hat OpenShift Container Platform 4 | unaffected | | | |
Red Hat | Red Hat OpenShift Container Platform 4 | unaffected | | | |
Red Hat | Red Hat OpenShift Container Platform 4 | unaffected | | | |

No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.3% | 0.528 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
secalert@redhat.com | 7.4 | 2.8 | 4 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.