CVE-2024-2193

MEDIUM

CPU <Speculative Execution - Info Disclosure

Title source: llm

Description

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Exploits (1)

nomisec WORKING POC

by uthrasri · poc

https://github.com/uthrasri/CVE-2024-2193

View Code ZIP pw:eip

References (13)

[Mailing List] http://www.openwall.com/lists/oss-security/2024/03/12/14

[Various Sources] https://download.vusec.net/papers/ghostrace_sec24.pdf

[Patch] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

[Various Sources] https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

[Various Sources] https://www.vusec.net/projects/ghostrace/

[Various Sources] https://xenbits.xen.org/xsa/advisory-453.html

[Various Sources] http://xenbits.xen.org/xsa/advisory-453.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/488902

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/488902

Scores

CVSS v3 5.7

EPSS 0.0089

EPSS Percentile 75.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-362

Status draft

Timeline

Published Mar 15, 2024

Tracked Since Feb 18, 2026