Vulnerability Description
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/12/14
- https://download.vusec.net/papers/ghostrace_sec24.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944
- https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace
- https://kb.cert.org/vuls/id/488902
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
- https://www.kb.cert.org/vuls/id/488902
- https://www.vusec.net/projects/ghostrace/
- https://xenbits.xen.org/xsa/advisory-453.html
- http://www.openwall.com/lists/oss-security/2024/03/12/14
- http://xenbits.xen.org/xsa/advisory-453.html
- https://download.vusec.net/papers/ghostrace_sec24.pdf
FAQ
What is CVE-2024-2193?
CVE-2024-2193 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can expl...
How severe is CVE-2024-2193?
CVE-2024-2193 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2193?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.