Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2193", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2024-03-05T15:11:04.573Z", "datePublished": "2024-03-15T18:03:32.844Z", "dateUpdated": "2025-04-30T23:03:28.475Z"}, "containers": {"cna": {"title": "Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.", "descriptions": [{"lang": "en", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths."}], "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability."}], "affected": [{"vendor": "AMD", "product": "CPU", "versions": [{"status": "affected", "version": "See advisory AMD-SB-7016"}]}, {"vendor": "Xen", "product": "Xen", "versions": [{"status": "affected", "version": "consult Xen advisory XSA-453"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/488902"}, {"url": "https://xenbits.xen.org/xsa/advisory-453.html"}, {"url": "https://www.vusec.net/projects/ghostrace/"}, {"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"}, {"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"}, {"url": "https://www.kb.cert.org/vuls/id/488902"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"}], "x_generator": {"engine": "VINCE 2.1.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-05-01T17:10:43.337Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T15:31:03.336472Z", "id": "CVE-2024-2193", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T16:10:13.603Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://kb.cert.org/vuls/id/488902", "tags": ["x_transferred"]}, {"url": "https://xenbits.xen.org/xsa/advisory-453.html", "tags": ["x_transferred"]}, {"url": "https://www.vusec.net/projects/ghostrace/", "tags": ["x_transferred"]}, {"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23", "tags": ["x_transferred"]}, {"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace", "tags": ["x_transferred"]}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/488902", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14", "tags": ["x_transferred"]}, {"url": "http://xenbits.xen.org/xsa/advisory-453.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-30T23:03:28.475Z"}}]}}