admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-116xx/CVE-2024-11614.json
cad-safe-bot 06a5702102 Auto-Update: 2025-04-17T02:00:19.971029+00:00
2025-04-17 02:03:52 +00:00

112 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-11614",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-12-18T09:15:06.660",
"lastModified": "2025-04-17T01:15:45.350",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en la funci\u00f3n de descarga de suma de comprobaci\u00f3n de la librer\u00eda DPDK's Vhost. Este problema permite que un invitado no confiable o comprometido bloquee el vSwitch del hipervisor falsificando descriptores Virtio para provocar lecturas fuera de los l\u00edmites. Esta falla permite que un atacante con una m\u00e1quina virtual maliciosa que utilice un controlador Virtio haga que el lado del usuario vhost se bloquee enviando un paquete con una solicitud de descarga de suma de comprobaci\u00f3n Tx y un desplazamiento csum_start no v\u00e1lido."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:0208",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0209",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0210",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0211",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0220",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0221",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0222",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:3963",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:3964",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:3965",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:3970",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11614",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327955",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/17/3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink