Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
References
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3965 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3970 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:3963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3965 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3970 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3965 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3970 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3965 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3970 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3965 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3970 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
- RHSA-2025:0208 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0209 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0210 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0211 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0220 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0221 vendor-advisory x_refsource_REDHAT
- RHSA-2025:0222 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3965 vendor-advisory x_refsource_REDHAT
- RHSA-2025:3970 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-11614 x_refsource_REDHAT vdb-entry
- RHBZ#2327955 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/12/17/3
Affected products
dpdk
- <21.11-4
- *
openvswitch
openvswitch3.0
openvswitch3.1
- *
openvswitch3.2
openvswitch3.3
- *
openvswitch3.4
- *
openvswitch2.10
openvswitch2.11
openvswitch2.12
openvswitch2.13
openvswitch2.15
openvswitch2.16
openvswitch2.17
Matching in nixpkgs
pkgs.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.openvswitch
Multilayer virtual switch
-
nixos-unstable -
- nixpkgs-unstable 3.6.0
pkgs.openvswitch-dpdk
Multilayer virtual switch
-
nixos-unstable -
- nixpkgs-unstable 3.6.0
pkgs.linuxPackages.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_zen.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages-libre.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_latest.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_xanmod.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_lqx.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages_zen.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages-libre.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages_lqx.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_zen.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_latest.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxPackages-libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_latest.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxPackages_xanmod.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_6.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_lqx.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_5_10.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_6_16.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_latest-libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxPackages_xanmod_stable.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_lqx.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_zen.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_5_10.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_6_12.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_6_16.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_5_4.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_1.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_6.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_libre.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_lqx.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_zen.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_5_10.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_5_15.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_16.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12_hardened.dpdk
Set of libraries and drivers for fast packet processing
-
nixos-unstable -
- nixpkgs-unstable 25.07
pkgs.linuxKernel.packages.linux_hardened.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12_hardened.odp-dpdk
Open Data Plane optimized for DPDK
-
nixos-unstable -
- nixpkgs-unstable 1.46.0.0_DPDK_22.11
pkgs.linuxKernel.packages.linux_latest_libre.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_6_12_hardened.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
pkgs.linuxKernel.packages.linux_xanmod_stable.dpdk-kmods
Kernel modules for DPDK
-
nixos-unstable -
- nixpkgs-unstable 2023-02-05
Package maintainers
-
@zhaofengli Zhaofeng Li <hello@zhaofeng.li>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@magenbluten magenbluten <magenbluten@codemonkey.cc>
-
@orivej Orivej Desh <orivej@gmx.fr>
-
@abuibrahim Ruslan Babayev <ruslan@babayev.com>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@xddxdd Yuhui Xu <b980120@hotmail.com>
-
@kmcopper Kyle Copperfield <kmcopper@danwin1210.me>
-
@netixx François Espinet <dev.espinetfrancois@gmail.com>