dpdk: fix CVE-2024-11614 - linux/meta-dpdk.git - Mirror of git.yoctoproject.org/meta-dpdk

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-02-11 11:03:30 +0000
committer	Anuj Mittal <anuj.mittal@intel.com>	2025-02-13 23:27:58 +0800
commit	2b03da4eba7b5ffa6dc8dbe79c0413f4989c7b8d (patch)
tree	88e3b3df2e186cff56012015233952bd2578f12f /README
parent	e83a76ee92970276b9fb6357aa9851b035dd0bff (diff)
download	meta-dpdk-scarthgap.tar.gz

dpdk: fix CVE-2024-11614scarthgap

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. Reference: https://security-tracker.debian.org/tracker/CVE-2024-11614 Upstream-patch: https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

Diffstat (limited to 'README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: