CVE-2024-2193

{"id": "CVE-2024-2193", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.5}]}, "published": "2024-03-15T18:15:08.530", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14", "source": "cret@cert.org"}, {"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf", "source": "cret@cert.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23", "source": "cret@cert.org"}, {"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace", "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/488902", "source": "cret@cert.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "source": "cret@cert.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "source": "cret@cert.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "source": "cret@cert.org"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html", "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/488902", "source": "cret@cert.org"}, {"url": "https://www.vusec.net/projects/ghostrace/", "source": "cret@cert.org"}, {"url": "https://xenbits.xen.org/xsa/advisory-453.html", "source": "cret@cert.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.cert.org/vuls/id/488902", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/488902", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vusec.net/projects/ghostrace/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://xenbits.xen.org/xsa/advisory-453.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths."}, {"lang": "es", "value": "Se ha revelado una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas."}], "lastModified": "2024-11-21T09:09:13.693", "sourceIdentifier": "cret@cert.org"}