How severe is CVE-2024-11614?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-11614?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2024-11614 - HIGH Severity | CVSS 7.4

Vulnerability Description

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.

Related Vulnerabilities

CVE-2021-21198

HIGH

CVSS:7.4(High)

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CWE-1252021

CVE-2021-3712

HIGH

CVSS:7.4(High)

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C ...

CWE-1252021

CVE-2022-47630

HIGH

CVSS:7.4(High)

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger da...

CWE-1252022

CVE-2024-36054

HIGH

CVSS:7.4(High)

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) a...

CWE-1252024

CVE-2024-47041

HIGH

CVSS:7.4(High)

In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed....

CWE-1252024

CVE-2025-32914

HIGH

CVSS:7.4(High)

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read ...

CWE-1252025