ByteOS Network

CVE Vulnerability Details :

CVE-2024-2193

PUBLISHED

More Info Official Page

Assigner-certcc

Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b

Published At-15 Mar, 2024 | 18:03

Updated At-30 Apr, 2025 | 23:03

▼CVE Numbering Authority (CNA)

Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Affected Products

Vendor

Advanced Micro Devices, Inc.

Product

CPU

Versions

Affected

See advisory AMD-SB-7016

Vendor

Xen Project

Product

Xen

Versions

Affected

consult Xen advisory XSA-453

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Type: N/A

CWE ID: N/A

Description: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Credits

finder

Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability.

References

Hyperlink	Resource
https://kb.cert.org/vuls/id/488902	N/A
https://xenbits.xen.org/xsa/advisory-453.html	N/A
https://www.vusec.net/projects/ghostrace/	N/A
https://download.vusec.net/papers/ghostrace_sec24.pdf	N/A
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23	N/A
https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace	N/A
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html	N/A
https://www.kb.cert.org/vuls/id/488902	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/	N/A
http://www.openwall.com/lists/oss-security/2024/03/12/14	N/A

Hyperlink: https://kb.cert.org/vuls/id/488902

Resource: N/A

Hyperlink: https://xenbits.xen.org/xsa/advisory-453.html

Resource: N/A

Hyperlink: https://www.vusec.net/projects/ghostrace/

Resource: N/A

Hyperlink: https://download.vusec.net/papers/ghostrace_sec24.pdf

Resource: N/A

Hyperlink: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

Resource: N/A

Hyperlink: https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

Resource: N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

Resource: N/A

Hyperlink: https://www.kb.cert.org/vuls/id/488902

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/

Resource: N/A

Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/12/14

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-362	CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Type: CWE

CWE ID: CWE-362

Description: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Metrics

Version	Base score	Base severity	Vector
3.1	5.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Version: 3.1

Base score: 5.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://kb.cert.org/vuls/id/488902	x_transferred
https://xenbits.xen.org/xsa/advisory-453.html	x_transferred
https://www.vusec.net/projects/ghostrace/	x_transferred
https://download.vusec.net/papers/ghostrace_sec24.pdf	x_transferred
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23	x_transferred
https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace	x_transferred
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html	x_transferred
https://www.kb.cert.org/vuls/id/488902	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/	x_transferred
http://www.openwall.com/lists/oss-security/2024/03/12/14	x_transferred
http://xenbits.xen.org/xsa/advisory-453.html	N/A