Speculative Execution Vulnerability Affects Modern CPUs
Key Information
- Vendor
- Amd
- Status
- Cpu
- Xen
- Vendor
- CVE Published:
- 15 March 2024
Badges
Summary
A speculative race condition (SRC) vulnerability, labeled as CVE-2024-2193, has been disclosed, affecting modern CPU architectures that support speculative execution and impacting AMD hardware. This vulnerability allows attackers to exploit race conditions to access speculative executable code paths and disclose arbitrary data from the CPU. The vulnerability can be exploited to leak information from a target software, and an exploitation technique called Inter-Process Interrupt (IPI) Storming has been developed to create an unbounded exploitation window, allowing attackers to execute an arbitrary number of attacks within a single race window. The vulnerability has been confirmed to affect all major hardware vendors and any software using conditional branches to determine whether to enter critical regions. Mitigation has been proposed, requiring minimal kernel changes and incurring only a minimal performance overhead. The vulnerability has been disclosed to major hardware vendors and the Linux kernel, with AMD explicitly stating that existing mitigations for Spectre-v1 apply. This vulnerability highlights the need for rigorous security measures and timely patching to protect against potential threats.
Affected Version(s)
CPU = See advisory AMD-SB-7016
Xen = consult Xen advisory XSA-453
News Articles
New GhostRace Attack Impacts Major CPU, Software Vendors | LinuxSecurity.com
What Is the GhostRace Attack? IBM and VU Amsterdam University researchers have identified a new
6 months ago
Risky Biz News: NIST NVD stopped enriching CVEs a month ago
In other news: LockBit member sentenced to prison; CIA runs anti-China info-op; new GhostRace side-channel attack.
6 months ago
Researchers Disclose Proof of Concept for New GhostRace Attack
IBM and VU Amsterdam University researchers published on March 12th their study about the new GhostRace attack type.
7 months ago
Timeline
- 👾
Exploit exists.
Vulnerability published.
First article discovered by vusec
Vulnerability Reserved.