Untriaged
Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
References
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3963 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3965 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3970 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:3963 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3965 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3970 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3963 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3965 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3970 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3963 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3965 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3970 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3963 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3965 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3970 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0209 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0210 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0211 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0220 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0221 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0222 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3963 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3965 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3970 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
Affected products
dpdk
- <21.11-4
- *
openvswitch
openvswitch3.0
openvswitch3.1
- *
openvswitch3.2
openvswitch3.3
- *
openvswitch3.4
- *
openvswitch2.10
openvswitch2.11
openvswitch2.12
openvswitch2.13
openvswitch2.15
openvswitch2.16
openvswitch2.17
Matching in nixpkgs
pkgs.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.openvswitch
Multilayer virtual switch
-
nixos-unstable -
- nixpkgs-unstable 3.6.0
pkgs.openvswitch-dpdk
Multilayer virtual switch
-
nixos-unstable -
- nixpkgs-unstable 3.6.0
pkgs.linuxPackages.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_zen.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages-libre.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_latest.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_xanmod.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_lqx.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages_zen.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages-libre.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages_lqx.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_zen.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_latest.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages-libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_latest.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_xanmod.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_6.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_lqx.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_5_10.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_6_16.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_latest-libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_xanmod_stable.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_lqx.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_zen.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_5_10.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_6_12.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_6_16.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_5_4.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_1.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_6.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_libre.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_lqx.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_zen.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_5_10.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_5_15.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_16.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12_hardened.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_hardened.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12_hardened.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_latest_libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12_hardened.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod_stable.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
Package maintainers
-
@zhaofengli Zhaofeng Li <hello@zhaofeng.li>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@magenbluten magenbluten <magenbluten@codemonkey.cc>
-
@orivej Orivej Desh <orivej@gmx.fr>
-
@abuibrahim Ruslan Babayev <ruslan@babayev.com>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@xddxdd Yuhui Xu <b980120@hotmail.com>
-
@kmcopper Kyle Copperfield <kmcopper@danwin1210.me>
-
@netixx François Espinet <dev.espinetfrancois@gmail.com>