CVE-2024-2193

Name
CVE-2024-2193
Description
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cret@cert.org https://download.vusec.net/papers/ghostrace_sec24.pdf
cret@cert.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23
cret@cert.org https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace
cret@cert.org https://kb.cert.org/vuls/id/488902
cret@cert.org https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
cret@cert.org https://www.vusec.net/projects/ghostrace/
cret@cert.org https://xenbits.xen.org/xsa/advisory-453.html
cret@cert.org https://www.kb.cert.org/vuls/id/488902
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
cret@cert.org http://www.openwall.com/lists/oss-security/2024/03/12/14

Match rules

CPE URI Source package Min version Max version
cpu == See advisory AMD-SB-7016 == See advisory AMD-SB-7016
xen == consult Xen advisory XSA-453 == consult Xen advisory XSA-453

Vulnerable and fixed packages

Source package Branch Version Maintainer Status