CVE-2024-2193

Name of the Vulnerable Software and Affected Versions Modern CPU architectures supporting speculative execution (affected versions not specified)

Description A Speculative Race Condition (SRC) vulnerability, known as GhostRace, has been disclosed. This vulnerability impacts modern CPU architectures supporting speculative execution and is related to Spectre V1. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. The attack exploits a technique called speculative execution, which is used to make processors run faster. The vulnerability affects CPUs from major vendors such as Intel, AMD, ARM, and IBM. Researchers have demonstrated the attack by publishing a proof-of-concept exploit that can extract data from the Linux kernel memory with a performance of 12 KB per second.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, AMD and Linux have proposed methods to mitigate this threat, focusing on minimizing risks without significantly impacting performance. These recommendations include serializing the speculative execution process, which increases the processor load by only 5%, thus providing protection against speculative attacks with minimal performance degradation. As a temporary workaround, consider disabling speculative execution or restricting access to sensitive data until a patch is available.