CVE-2024-2193

EPSS 1.75%
Veröffentlicht 15.03.2024 18:15:08
Zuletzt bearbeitet 30.04.2025 23:16:01
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAMD

≫

Produkt CPU

Version See advisory AMD-SB-7016

Status affected

HerstellerXen

≫

Produkt Xen

Version consult Xen advisory XSA-453

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.75%	0.819

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.7	0.5	5.2	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

http://www.openwall.com/lists/oss-security/2024/03/12/14

https://download.vusec.net/papers/ghostrace_sec24.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

https://kb.cert.org/vuls/id/488902

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

https://www.kb.cert.org/vuls/id/488902

https://www.vusec.net/projects/ghostrace/

https://xenbits.xen.org/xsa/advisory-453.html