CVE-2024-2193

MEDIUM

CPU <Speculative Execution - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-2193. PoCs published by uthrasri.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2024-2193, targeting a vulnerability in the Linux kernel's autogroup scheduling feature. The code includes modifications to kernel scheduling components, particularly in autogroup.c, which manipulates task group handling to exploit the vulnerability.

Description

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Exploits (1)

nomisec WORKING POC

by uthrasri · poc

https://github.com/uthrasri/CVE-2024-2193

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2024-2193, targeting a vulnerability in the Linux kernel's autogroup scheduling feature. The code includes modifications to kernel scheduling components, particularly in autogroup.c, which manipulates task group handling to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux Kernel (specific version not specified)

No auth needed

Prerequisites: Access to a vulnerable Linux kernel · Ability to compile and load kernel modules

MITRE ATT&CK