CVE-2024-2193

EPSS 0.9%
Veröffentlicht 15.03.2024 18:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

CNA 2 VulnDex Vulnerability Enrichment 14

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAMD

≫

Produkt CPU

Version See advisory AMD-SB-7016

Status affected

HerstellerXen

≫

Produkt Xen

Version consult Xen advisory XSA-453

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.756

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.7	0.5	5.2	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

http://www.openwall.com/lists/oss-security/2024/03/12/14

https://download.vusec.net/papers/ghostrace_sec24.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

https://kb.cert.org/vuls/id/488902

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

https://www.kb.cert.org/vuls/id/488902

https://www.vusec.net/projects/ghostrace/

https://xenbits.xen.org/xsa/advisory-453.html