ID

VAR-202403-0812


CVE

CVE-2024-2193


TITLE

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions

Trust: 0.8

sources: CERT/CC: VU#488902

DESCRIPTION

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability “GhostRace”, for ease of communication.

CVE-2024-2193 Affected.

AMD CPUs are a series of CPUs manufactured by AMD. AMD CPUs contain a race condition vulnerability. This vulnerability stems from improper handling of concurrent access when concurrent code needs to access shared resources mutually exclusively during network system or product operation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202409-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Xen: Multiple Vulnerabilities
Date: September 22, 2024
Bugs: #918669, #921355, #923741, #928620, #929038
ID: 202409-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

Package            Vulnerable    Unaffected
-----------------  ------------  ------------
app-emulation/xen  < 4.17.4      >= 4.17.4

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4"

References
==========

[ 1 ] CVE-2022-4949 https://nvd.nist.gov/vuln/detail/CVE-2022-4949
[ 2 ] CVE-2022-42336 https://nvd.nist.gov/vuln/detail/CVE-2022-42336
[ 3 ] CVE-2023-28746 https://nvd.nist.gov/vuln/detail/CVE-2023-28746
[ 4 ] CVE-2023-34319 https://nvd.nist.gov/vuln/detail/CVE-2023-34319
[ 5 ] CVE-2023-34320 https://nvd.nist.gov/vuln/detail/CVE-2023-34320
[ 6 ] CVE-2023-34321 https://nvd.nist.gov/vuln/detail/CVE-2023-34321
[ 7 ] CVE-2023-34322 https://nvd.nist.gov/vuln/detail/CVE-2023-34322
[ 8 ] CVE-2023-34323 https://nvd.nist.gov/vuln/detail/CVE-2023-34323
[ 9 ] CVE-2023-34324 https://nvd.nist.gov/vuln/detail/CVE-2023-34324
[ 10 ] CVE-2023-34325 https://nvd.nist.gov/vuln/detail/CVE-2023-34325
[ 11 ] CVE-2023-34327 https://nvd.nist.gov/vuln/detail/CVE-2023-34327
[ 12 ] CVE-2023-34328 https://nvd.nist.gov/vuln/detail/CVE-2023-34328
[ 13 ] CVE-2023-46835 https://nvd.nist.gov/vuln/detail/CVE-2023-46835
[ 14 ] CVE-2023-46836 https://nvd.nist.gov/vuln/detail/CVE-2023-46836
[ 15 ] CVE-2023-46837 https://nvd.nist.gov/vuln/detail/CVE-2023-46837
[ 16 ] CVE-2023-46839 https://nvd.nist.gov/vuln/detail/CVE-2023-46839
[ 17 ] CVE-2023-46840 https://nvd.nist.gov/vuln/detail/CVE-2023-46840
[ 18 ] CVE-2023-46841 https://nvd.nist.gov/vuln/detail/CVE-2023-46841
[ 19 ] CVE-2023-46842 https://nvd.nist.gov/vuln/detail/CVE-2023-46842
[ 20 ] CVE-2024-2193 https://nvd.nist.gov/vuln/detail/CVE-2024-2193
[ 21 ] CVE-2024-31142 https://nvd.nist.gov/vuln/detail/CVE-2024-31142
[ 22 ] XSA-431 https://xenbits.xen.org/xsa/advisory-431.html
[ 23 ] XSA-432 https://xenbits.xen.org/xsa/advisory-432.html
[ 24 ] XSA-436 https://xenbits.xen.org/xsa/advisory-436.html
[ 25 ] XSA-437 https://xenbits.xen.org/xsa/advisory-437.html
[ 26 ] XSA-438 https://xenbits.xen.org/xsa/advisory-438.html
[ 27 ] XSA-439 https://xenbits.xen.org/xsa/advisory-439.html
[ 28 ] XSA-440 https://xenbits.xen.org/xsa/advisory-440.html
[ 29 ] XSA-441 https://xenbits.xen.org/xsa/advisory-441.html
[ 30 ] XSA-442 https://xenbits.xen.org/xsa/advisory-442.html
[ 31 ] XSA-447 https://xenbits.xen.org/xsa/advisory-447.html
[ 32 ] XSA-449 https://xenbits.xen.org/xsa/advisory-449.html
[ 33 ] XSA-450 https://xenbits.xen.org/xsa/advisory-450.html
[ 34 ] XSA-451 https://xenbits.xen.org/xsa/advisory-451.html
[ 35 ] XSA-452 https://xenbits.xen.org/xsa/advisory-452.html
[ 36 ] XSA-453 https://xenbits.xen.org/xsa/advisory-453.html
[ 37 ] XSA-454 https://xenbits.xen.org/xsa/advisory-454.html
[ 38 ] XSA-455 https://xenbits.xen.org/xsa/advisory-455.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202409-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.25

sources: NVD: CVE-2024-2193 // CERT/CC: VU#488902 // CNVD: CNVD-2025-29750 // PACKETSTORM: 181717

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-29750

AFFECTED PRODUCTS

vendor: amd, model: cpu, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-29750

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-2193
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-29750
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-29750
severity: MEDIUM
baseScore: 5.3
vectorString: AV:L/AC:H/AU:M/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-2193
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-29750 // NVD: CVE-2024-2193

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.0

sources: NVD: CVE-2024-2193

EXTERNAL IDS

db: NVD, id: CVE-2024-2193

Trust: 2.6

db: CERT/CC, id: VU#488902

Trust: 2.4

db: OPENWALL, id: OSS-SECURITY/2024/03/12/14

Trust: 1.0

db: CNVD, id: CNVD-2025-29750

Trust: 0.6

db: PACKETSTORM, id: 177568

Trust: 0.1

db: PACKETSTORM, id: 181717

Trust: 0.1

sources: CERT/CC: VU#488902 // CNVD: CNVD-2025-29750 // PACKETSTORM: 177568 // PACKETSTORM: 181717 // NVD: CVE-2024-2193

REFERENCES

url:http://xenbits.xen.org/xsa/advisory-453.html

Trust: 2.1

url:https://kb.cert.org/vuls/id/488902

Trust: 1.6

url:https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zon4tlxg7tg4a2xzg563jmvtgqw4sf3a/

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2024/03/12/14

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eiuicu6cvjuib6bpj7p5qtpqr5vobhfk/

Trust: 1.0

url:https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h63lgaqxpevjoes73u4xk65i6dasoaag/

Trust: 1.0

url:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23

Trust: 1.0

url:https://www.kb.cert.org/vuls/id/488902

Trust: 1.0

url:https://download.vusec.net/papers/ghostrace_sec24.pdf

Trust: 1.0

url:https://www.vusec.net/projects/ghostrace/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-2193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-46841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34324

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-455.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-28746

Trust: 0.1

url:https://security.gentoo.org/glsa/202409-10

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-449.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34319

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-452.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46840

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-447.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-31142

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46835

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46836

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-440.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-438.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34320

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-442.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-432.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34322

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-436.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-450.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34325

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-441.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-439.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-454.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-437.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-431.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34328

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-34323

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-451.html

Trust: 0.1

sources: CNVD: CNVD-2025-29750 // PACKETSTORM: 177568 // PACKETSTORM: 181717 // NVD: CVE-2024-2193

CREDITS

Statement Date:   March 01, 2024

Trust: 0.8

sources: CERT/CC: VU#488902

SOURCES

db: CERT/CC, id: VU#488902
db: CNVD, id: CNVD-2025-29750
db: PACKETSTORM, id: 177568
db: PACKETSTORM, id: 181717
db: NVD, id: CVE-2024-2193

LAST UPDATE DATE

2025-12-19T21:25:15.264000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#488902, date: 2024-03-15T00:00:00
db: CNVD, id: CNVD-2025-29750, date: 2025-12-03T00:00:00
db: NVD, id: CVE-2024-2193, date: 2025-04-30T23:16:01.667

SOURCES RELEASE DATE

db: CERT/CC, id: VU#488902, date: 2024-03-14T00:00:00
db: CNVD, id: CNVD-2025-29750, date: 2025-12-03T00:00:00
db: PACKETSTORM, id: 177568, date: 2024-03-13T15:32:11
db: PACKETSTORM, id: 181717, date: 2024-09-23T14:27:44
db: NVD, id: CVE-2024-2193, date: 2024-03-15T18:15:08.530