On March 12th, researchers from IBM and VU Amsterdam published their study of the new GhostRace attack type. Alongside the technical paper, a blog post and a proof-of-concept (PoC) exploit, they also released scripts that scan the Linux kernel for SCUAF gadgets.
What’s at risk
GhostRace exploits Speculative Race Conditions (SRCs) and is tracked as CVE-2024-2193. The flaw affects:
- all major hardware makers, like Intel, AMD, ARM, and IBM
- operating systems and other software that uses conditional branches to determine whether to enter critical regions
An SRC attack can let an attacker read sensitive information from memory, such as passwords and encryption keys.
However, exploiting CVE-2024-2193 is not an easy way to breach a system: it requires either physical access to the targeted device or already having privileged access.
How does GhostRace work?
In a nutshell, the paper revealed that:
all the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a Spectre-v1 attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target software.
Source – VuSec website
Race conditions appear if several threads try to access a shared resource at once. This creates flaws that hackers can exploit for:
- arbitrary code execution
- bypassing security defenses
- access to sensitive data
- data leakage
To avoid race conditions, operating systems use synchronization primitives. However, the researchers' security analysis showed that a malicious actor can combine race conditions with speculative execution, a technique widely used in CPU attacks.
A proof of concept (PoC) showing step by step how the SRC concept works is available on GitHub.
As mitigation measures, the researchers suggested
a generic SRC mitigation to serialize all the affected synchronization primitives on Linux. Our mitigation requires minimal kernel changes and incurs only ≈5% geomean performance overhead on LMBench.
Source – VuSec website
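To make the two quoted points concrete, here is an added example (not the researchers' PoC and not the Linux kernel change): a lock whose entry into the critical region is decided by a conditional branch, beside the serialised variant, where a barrier placed right after that branch keeps the region from running on a speculative path. The x86 LFENCE, the guarded_t type and the demo_read helper are assumptions made for this illustration; on other architectures the fallback is only a compiler barrier.

```c
#include <stdatomic.h>
#include <stddef.h>
/* Constructed example, not the researchers' PoC or the Linux patch: a lock
 * whose "enter the critical region?" decision is a conditional branch. */
typedef struct {
    atomic_int locked;   /* 0 = free, 1 = held */
    int secret[4];       /* data the lock protects */
} guarded_t;
/* Serialising barrier: nothing after it issues before the preceding branch
 * resolves. x86 LFENCE here; the fallback only stops compiler reordering. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}
static inline int try_lock(guarded_t *g) {
    int expected = 0;
    return atomic_compare_exchange_strong_explicit(&g->locked, &expected, 1,
               memory_order_acquire, memory_order_relaxed);
}
static inline void unlock(guarded_t *g) {
    atomic_store_explicit(&g->locked, 0, memory_order_release);
}
/* Unmitigated: the branch is the only guard, so the CPU may predict "acquired"
 * and run the critical region speculatively while another thread holds it. */
int read_unmitigated(guarded_t *g, size_t idx) {
    if (!try_lock(g))
        return -1;
    int v = g->secret[idx & 3];
    unlock(g);
    return v;
}
/* Mitigated: barrier right after the branch, so the critical region cannot
 * start on a speculative path. Architecturally both versions behave alike;
 * the difference exists only on mispredicted paths. */
int read_mitigated(guarded_t *g, size_t idx) {
    if (!try_lock(g))
        return -1;
    speculation_barrier();
    int v = g->secret[idx & 3];
    unlock(g);
    return v;
}
/* Constructed scenario: held != 0 mimics another thread holding the lock. */
int demo_read(int held, int mitigated) {
    guarded_t g = { .locked = held, .secret = { 11, 22, 33, 44 } };
    return mitigated ? read_mitigated(&g, 2) : read_unmitigated(&g, 2);
}
```

No software test can observe the speculative path itself; the check below only confirms that the serialised lock still refuses entry while held and still returns the protected value when free.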
Researchers notified the major hardware vendors (Intel, AMD, ARM, and IBM) and the Linux kernel regarding their findings about Speculative Race Conditions at the end of 2023. By now, all parties are aware of CVE-2024-2193.