Lucene search
F5F5:K000139682HistoryMay 20, 2024 - 12:00 a.m.
K000139682: Speculative race conditions vulnerabilities CVE-2024-2193 and CVE-2024-26602
2024-05-2000:00:00
my.f5.com
6
speculative race condition
modern cpu
vulnerability
linux kernel
security
cpu
cve-2024-2193
cve-2024-26602
Security Advisory Description
- CVE-2024-2193
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. - CVE-2024-26602
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine.
Impact
An authenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
For products with Nonein the Versions known to be vulnerable column, there is no impact.
For products with ****** in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue.
Related
redhatcve
redhatcve
CVE-2024-2193
2024-03-13 08:07:30
CVE-2024-26602
2024-03-04 14:02:04
ubuntucve
ubuntucve
CVE-2024-2193
2024-03-15 00:00:00
CVE-2024-26602
2024-02-26 00:00:00
amazon
amazon
Medium: kernel
2024-04-24 22:15:00
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2024-2525)
2024-04-30 00:00:00
RHEL 9 : kernel-rt (RHSA-2024:1533)
2024-03-27 00:00:00
debiancve
debiancve
CVE-2024-26602
2024-02-26 16:28:00
CVE-2024-2193
2024-03-15 18:15:08
cvelist
cvelist
prion
prion
Spoofing
2024-02-26 16:28:00
xen
xen
GhostRace: Speculative Race Conditions
2024-03-12 16:44:00
cve
cve
CVE-2024-26602
2024-02-26 16:28:00
CVE-2024-2193
2024-03-15 18:15:08
veracode
veracode
Speculative Race Condition
2024-03-20 23:42:26
amd
amd
Speculative Race Conditions (SRCs)
2024-03-12 00:00:00
talosblog
talosblog
Not everything has to be a massive, global cyber attack
2024-03-14 18:00:08
cert
cert
osv
osv
CVE-2024-2193
2024-03-15 18:15:08
Moderate: kernel security, bug fix, and enhancement update
2024-05-22 00:00:00
linux-bluefield vulnerabilities
2024-05-14 09:00:08
redhat
redhat
(RHSA-2024:1532) Moderate: kernel security and bug fix update
2024-03-27 00:03:58
(RHSA-2024:1533) Moderate: kernel-rt security and bug fix update
2024-03-27 00:04:09
(RHSA-2024:1653) Moderate: kernel security and bug fix update
2024-04-03 00:12:17
fedora
fedora
[SECURITY] Fedora 39 Update: xen-4.17.2-8.fc39
2024-03-30 01:09:49
[SECURITY] Fedora 38 Update: xen-4.17.2-8.fc38
2024-03-30 01:44:40
[SECURITY] Fedora 40 Update: xen-4.18.1-1.fc40
2024-03-23 00:54:07
openvas
openvas
Fedora: Security Advisory for xen (FEDORA-2024-9e9f53d01d)
2024-04-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1105-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for xen (SUSE-SU-2024:1152-1)
2024-04-09 00:00:00
thn
thn
GhostRace – New Data Leak Vulnerability Affects Modern CPUs
2024-03-15 17:46:00
Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel
2024-04-10 09:26:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2024-04-10 07:03:52
oraclelinux
oraclelinux
kernel security and bug fix update
2024-03-20 00:00:00
kernel security, bug fix, and enhancement update
2024-05-23 00:00:00
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2024-03-25 15:37:48
ubuntu
ubuntu
Linux kernel (BlueField) vulnerabilities
2024-05-14 00:00:00
Linux kernel vulnerabilities
2024-05-15 00:00:00
Linux kernel (AWS) vulnerabilities
2024-05-20 00:00:00