CVE-2024-2193

EPSS 1.75%
Published 15.03.2024 18:15:08
Last modified 30.04.2025 23:16:01
Source cret@cert.org
Teams watchlist Login
Open Login

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorAMD

≫

Product CPU

Version See advisory AMD-SB-7016

Status affected

VendorXen

≫

Product Xen

Version consult Xen advisory XSA-453

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.75%	0.819

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.7	0.5	5.2	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

http://www.openwall.com/lists/oss-security/2024/03/12/14

https://download.vusec.net/papers/ghostrace_sec24.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

https://kb.cert.org/vuls/id/488902

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

https://www.kb.cert.org/vuls/id/488902

https://www.vusec.net/projects/ghostrace/

https://xenbits.xen.org/xsa/advisory-453.html