QwikSec

Security Database

CVE

CWE

Training

CVE-2024-2193

Published: Mar 15, 2024

Modified: Apr 30, 2025

PUBLISHED

Description

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Vendor	Product	Versions
AMD	CPU	affected `See advisory AMD-SB-7016`
Xen	Xen	affected `consult Xen advisory XSA-453`

References

https://kb.cert.org/vuls/id/488902

https://xenbits.xen.org/xsa/advisory-453.html

https://www.vusec.net/projects/ghostrace/

https://download.vusec.net/papers/ghostrace_sec24.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

https://www.kb.cert.org/vuls/id/488902

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

http://www.openwall.com/lists/oss-security/2024/03/12/14

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.