2262051 – (CVE-2024-2193, GhostRace, RHV-2024-0002) CVE-2024-2193 hw: Spectre-SRC that is Speculative Race Conditions (SRCs) for synchronization primitives similar like Spectre V1 with possibility to bypass software features (e.g., IPIs, high-precision timers, etc)

Bug 2262051 (CVE-2024-2193, GhostRace, RHV-2024-0002) - CVE-2024-2193 hw: Spectre-SRC that is Speculative Race Conditions (SRCs) for synchronization primitives similar like Spectre V1 with possibility to bypass software features (e.g., IPIs, high-precision timers, etc) [NEEDINFO]

Summary: CVE-2024-2193 hw: Spectre-SRC that is Speculative Race Conditions (SRCs) for ...

Keywords:
Status:	NEW
Alias:	CVE-2024-2193, GhostRace, RHV-2024-0002
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2269332
Blocks:	2262049
TreeView+	depends on / blocked

Reported:	2024-01-31 05:59 UTC by Rohit Keshri
Modified:	2024-04-18 22:39 UTC (History)
CC List:	69 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A new cache speculation vulnerability, known as Spectre-SRC (Speculative Race Conditions), was found in hw. Spectre-SRC is similar to the Spectre v1 and allows speculative use-after-free. The difference between this issue and Spectre V1 is that this issue is based on synchronization primitives with the possibility to bypass software features such as IPIs and high-precision timers, which may disclose arbitrary data from a privileged component that should not be accessible.
Clone Of:
Environment:
Last Closed:
Embargoed:
Flags:	hkrzesin: needinfo? (rkeshri)

Attachments	(Terms of Use)

Description Rohit Keshri 2024-01-31 05:59:45 UTC

Speculative Race Conditions (SRCs) for synchronization primitives similar like Spectre V1 with possibility to bypass software features (e.g., IPIs, high-precision timers, etc). In this flaw, all the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs). 

The goal of a GhostRace attack is to disclose arbitrary kernel data by exploiting a speculative race condition in an otherwise architecturally race-free critical region

Reference:
https://www.openwall.com/lists/oss-security/2024/03/12/14

Comment 32 Sandipan Roy 2024-03-13 08:02:38 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2269332]

Comment 33 Justin M. Forbes 2024-03-25 19:08:32 UTC

This was mitigated for Fedora with the 6.7.6 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
ajmitchell
allarkin
anprice
aquini
bhu
brdeoliv
chaekim
chwhite
cye
cyin
dbohanno
debarbos
dfreiber
drow
dvlasenk
efuller
esandeen
ezulian
gsierohu
hkrzesin
iwienand
jamills
jarod
jburrell
jdenham
jfaracco
jforbes
jlelli
joe.lawrence
jpoimboe
jsanemet
jshortt
jstancek
jwyatt
kcarcia
kgrant
ldoskova
lgoncalv
llong
lzampier
mcascell
mleitner
mmeeroll
mmilgram
mstowell
nmurray
pajung
ptalbert
rogbas
rparrazo
rrobaina
rvrbovsk
rysulliv
saroy
scweaver
security-response-team
sidakwo
stalexan
sukulkar
tglozar
tyberry
vkumar
wcosta
williams
wmealing
ycote
ykopkova
zhijwang