A Speculative Race Condition (SRC) vulnerability that impacts modern CPU
architectures supporting speculative execution (related to Spectre V1) has
been disclosed. An unauthenticated attacker can exploit this vulnerability
to disclose arbitrary data from the CPU using race conditions to access the
speculative executable code paths.

Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
rodrigo-zaiden | IPI Storming, aka CVE-2024-26602, can be used to win an SRC. As per the GhostRace post in VUSec: a generic SRC mitigation is to serialize all the affected synchronization primitives. And the answer is: The Linux kernel developers have no immediate plans to implement our proposed serialization of synchronization primitives due to performance concerns. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |

download.vusec.net/papers/ghostrace_sec24.pdf
ibm.github.io/system-security-research-updates/2024/03/12/ghostrace
kb.cert.org/vuls/id/488902
launchpad.net/bugs/cve/CVE-2024-2193
nvd.nist.gov/vuln/detail/CVE-2024-2193
security-tracker.debian.org/tracker/CVE-2024-2193
www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
www.cve.org/CVERecord?id=CVE-2024-2193
www.openwall.com/lists/oss-security/2024/03/12/14
www.vusec.net/projects/ghostrace/
xenbits.xen.org/xsa/advisory-453.html