CVE-2024-2193
Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Se ha revelado una vulnerabilidad de condición de ejecución especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecución especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecución para acceder a las rutas de código ejecutable especulativas.
Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-05 CVE Reserved
- 2024-03-13 CVE Published
- 2024-03-28 First Exploit
- 2025-04-30 CVE Updated
- 2025-06-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (14)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/178597 | 2024-05-16 | |
| https://github.com/uthrasri/CVE-2024-2193 | 2024-03-28 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | * | - |
Affected
| ||||||
| Amd Search vendor "Amd" | Cpu Search vendor "Amd" for product "Cpu" | * | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Search vendor "F5" for product "Big-ip" | * | - |
Affected
| ||||||
| Amazon Search vendor "Amazon" | Linux Search vendor "Amazon" for product "Linux" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-server-applications Search vendor "Suse" for product "Sle-module-server-applications" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-sdk Search vendor "Suse" for product "Sle-sdk" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||