CVE-2024-2193

CVE-2024-2193

Name

CVE-2024-2193

Description

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cret@cert.org	https://download.vusec.net/papers/ghostrace_sec24.pdf
cret@cert.org	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23
cret@cert.org	https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace
cret@cert.org	https://kb.cert.org/vuls/id/488902
cret@cert.org	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
cret@cert.org	https://www.vusec.net/projects/ghostrace/
cret@cert.org	https://xenbits.xen.org/xsa/advisory-453.html
cret@cert.org	https://www.kb.cert.org/vuls/id/488902
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
cret@cert.org	http://www.openwall.com/lists/oss-security/2024/03/12/14
af854a3a-2127-422b-91ae-364da2661108	http://xenbits.xen.org/xsa/advisory-453.html

Type

URI

cret@cert.org

https://download.vusec.net/papers/ghostrace_sec24.pdf

cret@cert.org

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

cret@cert.org

https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

cret@cert.org

https://kb.cert.org/vuls/id/488902

cret@cert.org

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

cret@cert.org

https://www.vusec.net/projects/ghostrace/

cret@cert.org

https://xenbits.xen.org/xsa/advisory-453.html

cret@cert.org

https://www.kb.cert.org/vuls/id/488902

cret@cert.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

cret@cert.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

cret@cert.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

cret@cert.org

http://www.openwall.com/lists/oss-security/2024/03/12/14

af854a3a-2127-422b-91ae-364da2661108

http://xenbits.xen.org/xsa/advisory-453.html

CPE URI	Source package	Min version	Max version
	cpu	== See advisory AMD-SB-7016	== See advisory AMD-SB-7016
	xen	== consult Xen advisory XSA-453	== consult Xen advisory XSA-453

CPE URI

Source package

Min version

Max version

cpu

== See advisory AMD-SB-7016

xen

== consult Xen advisory XSA-453

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	edge-main	4.18.0-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.18.0-r5	None	fixed
xen	3.21-main	4.18.0-r5	None	fixed
xen	3.20-main	4.18.0-r5	None	fixed
xen	3.19-main	4.18.0-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.18-main	4.17.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.17-main	4.16.5-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

xen

edge-main

4.18.0-r5

Natanael Copa <ncopa@alpinelinux.org>

fixed

xen

3.22-main