March 15, 2024 at 02:03PM
A group of researchers has discovered a new data leakage attack called GhostRace (CVE-2024-2193), a variation of the spectre v1 vulnerability, impacting modern CPU architectures. This exploit allows unauthenticated attackers to extract sensitive data from the processor by accessing speculative executable code paths. Both AMD and Xen have provided solutions to mitigate this vulnerability.
From the meeting notes on the Newsroom Hardware Security / Data Protection from March 15, 2024, it was discussed that a new data leakage attack called GhostRace (CVE-2024-2193) has been discovered, which is a variation of the Spectre v1 vulnerability (CVE-2017-5753). The attack exploits speculative execution and race conditions, potentially allowing unauthenticated attackers to extract arbitrary data from the processor using speculative executable code paths. The attack impacts modern CPU architectures. Researchers at the Systems Security Research Group at IBM Research Europe and VUSec made these findings, and it was noted that existing guidance for Spectre from AMD remains applicable to mitigate this vulnerability. Additionally, the Xen open-source hypervisor is affected by this vulnerability, and the Xen Security Team has provided hardening patches to address the issue.
The meeting notes highlighted the characteristics of the GhostRace vulnerability, its impact on different CPU architectures, and the mitigation measures recommended by AMD and Xen Security Team.