Wiz
Vulnerability DatabaseCVE-2024-11614

CVE-2024-11614
Rocky Linux vulnerability analysis and mitigation

Overview

An out-of-bounds read vulnerability (CVE-2024-11614) was discovered in DPDK's Vhost library checksum offload feature. The vulnerability was introduced in DPDK v21.05 and affects systems where Vhost-based applications register devices with the RTEVHOSTUSERNETCOMPLIANTOLFLAGS flag (Bugzilla, NVD).

Technical details

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.0 base score of 7.4 (HIGH). The issue occurs when processing packets with Tx checksum offload requests containing invalid csum_start offsets. The vulnerability specifically affects the checksum offload feature in the DPDK Vhost library when handling Virtio descriptors (NVD, Red Hat).

Impact

This vulnerability enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. The impact is limited to denial of service, with no evidence of data confidentiality or integrity breaches (Openwall).

Mitigation and workarounds

Multiple vendors have released security updates to address this vulnerability. Red Hat has released fixes across various versions of Red Hat Enterprise Linux, including versions 8.x and 9.x. The fixes are available through security advisories RHSA-2025:0208 through RHSA-2025:0222. Debian has also released fixes for affected versions, with version 24.11.1-1 addressing the vulnerability in the unstable branch (Red Hat, Debian).

Additional resources

SourceThis report was generated using AI

Related Rocky Linux vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-13020HIGH8.8
  • NixOSNixOS
  • thunderbird
NoYesNov 11, 2025
CVE-2025-59088HIGH8.6
  • Rocky LinuxRocky Linux
  • idm:client::ipa-selinux
NoYesNov 12, 2025
CVE-2025-13019HIGH8.1
  • NixOSNixOS
  • rhel10::firefox-flatpak
NoYesNov 11, 2025
CVE-2025-13018HIGH8.1
  • NixOSNixOS
  • firefox-esr
NoYesNov 11, 2025
CVE-2025-59089MEDIUM5.9
  • Rocky LinuxRocky Linux
  • idm:client::python3-jwcrypto
NoYesNov 12, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo