CVE-2024-2193

MEDIUM

CPU <Speculative Execution - Info Disclosure

Title source: llm

Description

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Exploits (1)

nomisec WORKING POC

by uthrasri · poc

https://github.com/uthrasri/CVE-2024-2193

View Code ZIP pw:eip

References (13)

[Mailing List] http://www.openwall.com/lists/oss-security/2024/03/12/14

[Various Sources] https://download.vusec.net/papers/ghostrace_sec24.pdf

[Patch] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

[Various Sources] https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

[Various Sources] https://www.vusec.net/projects/ghostrace/

[Various Sources] https://xenbits.xen.org/xsa/advisory-453.html

[Various Sources] http://xenbits.xen.org/xsa/advisory-453.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/488902

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/488902

Scores

CVSS v3 5.7

EPSS 0.0090

EPSS Percentile 75.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (2)

AMD/CPU See advisory AMD-SB-7016

Xen/Xen consult Xen advisory XSA-453

Published Mar 15, 2024

Tracked Since Feb 18, 2026