GhostRace Vulnerability Security Update Advisory (CVE-2024-2193)
Overview
An update has been made available to fix vulnerabilities in critical hardware and operating systems. Users of affected versions are advised to update to the latest version.
Affected Products
Since the root cause of the vulnerability lies in the CPU’s speculative execution mechanism and conditional branch prediction, it can in principle affect modern CPU architectures (x86, ARM, RISC-V, etc.), operating systems, and hypervisors that support speculative execution related to Spectre V1.
Resolved Vulnerabilities
Modern CPU architectures that support speculative execution capabilities related to Spectre V1 may be affected by the Speculative Race Conditions (SRC) vulnerability (GhostRace, CVE-2024-2193). This vulnerability means that all common synchronization primitives can be bypassed at the microarchitectural level during speculative execution. As a result, critical regions that are architecturally considered free of race conditions can be exposed to potential security risks through speculative execution.
Specifically, mutexes and spinlocks, widely used synchronization mechanisms in the kernel and elsewhere, are affected by this vulnerability. These synchronization primitives can be effectively invalidated in the speculative execution path, allowing an attacker to speculatively execute all critical regions of the victim software without synchronization, which can lead to serious security issues. In a proof-of-concept (PoC), we demonstrated that a Speculative Concurrent Use-After-Free (SCUAF) attack can exfiltrate 12 KB of data per second from kernel memory. (References [2], [3], [4], [5])
Vulnerability Patches
The vulnerability affects modern CPU architectures (x86, ARM, RISC-V, etc.), operating systems, and hypervisors that support speculative execution.
Vulnerability patches are available from some vendors in their latest updates. Please follow the instructions on the referenced sites to update to the latest patched version.
AMD CPUs
We have found that existing mitigation techniques to counter conditional branch prediction misuse, such as Spectre-v1, can also be applied to SRC.
Please update based on references [7] and [8].
Xen
- Xen-unstable
- Xen 4.18.x
- Xen 4.17.x
- Xen 4.16.x
- Xen 4.15.x
Linux
The Linux kernel developers have no immediate plans to add serializing instructions to the synchronization primitives, for performance reasons, but have taken steps such as implementing IPI rate limiting to counteract CPU saturation issues.
Please update based on the following patch:
- Patch Commit: 944d5fe50f3f03daacfea16300e656a1691c4a23 (update based on reference [9])
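To show what adding a serializing instruction to a synchronization primitive looks like, here is an added example (not code from the Linux kernel, the researchers, or this advisory). It assumes x86-64, where LFENCE serves as the speculation barrier, and places the barrier right after the atomic operation; `hardened_lock`, `hardened_trylock`, `read_first` and `struct session` are hypothetical names, and the sample data is constructed.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Stop younger instructions from executing until the lock result is known. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__)
    __asm__ volatile("lfence" ::: "memory");
#else
    /* Assumption: x86-64 only. This fallback only stops compiler reordering. */
    atomic_signal_fence(memory_order_seq_cst);
#endif
}

typedef struct { atomic_flag held; } hardened_lock;  /* hypothetical type */

/* Try-lock whose result is serialized before the caller branches on it, so the
   critical region is not meant to run on a mispredicted "acquired" outcome. */
static bool hardened_trylock(hardened_lock *l)
{
    bool acquired = !atomic_flag_test_and_set_explicit(&l->held, memory_order_acquire);
    speculation_barrier();
    return acquired;
}

static void hardened_unlock(hardened_lock *l)
{
    atomic_flag_clear_explicit(&l->held, memory_order_release);
}

struct session { int *buf; };  /* constructed object; buf may be freed under the lock */
/* Critical region: dereferences buf only while holding the lock. */
static int read_first(hardened_lock *l, struct session *s, int *out)
{
    if (!hardened_trylock(l))
        return -1;                      /* lock busy: do not touch s->buf */
    int rc = -2;                        /* -2: buffer already released */
    if (s->buf) { *out = s->buf[0]; rc = 0; }
    hardened_unlock(l);
    return rc;
}

int main(void)
{
    int data[1] = { 42 }, out = 0;      /* constructed sample data */
    hardened_lock l = { ATOMIC_FLAG_INIT };
    struct session s = { data };
    return read_first(&l, &s, &out);    /* 0 on success */
}
```

The barrier runs on every lock attempt, which is the performance cost the Linux section refers to.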
Referenced Sites
[1] CVE-2024-2193
https://www.cve.org/CVERecord?id=CVE-2024-2193
[2] GhostRace: Exploiting and Mitigating Speculative Race Conditions
https://bm.github.io/system-security-research-updates/2024/03/12/ghostrace
[3] VUSec: GhostRace
https://www.vusec.net/projects/ghostrace/
[4] GitHub Repo
https://github.com/vusec/ghostrace
[5] Vulnerability Paper (33rd USENIX Security Symposium 2024)
https://download.vusec.net/papers/ghostrace_sec24.pdf
[6] Xen Advisory Information
https://xenbits.xen.org/xsa/advisory-453.html
[7] Speculative Race Conditions (SRCs)
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
[8] Software Techniques for Managing Speculation on AMD Processors
[9] Linux Kernel