Heimdal
article featured image

Contents:

IBM and VU Amsterdam University researchers published on March 12th their study about the new GhostRace attack type. Apart from the technical paper, blog post and Proof of Concept (PoC) exploit, they also released scripts for scanning the Linux kernel for SCUAF gadgets.

What’s at risk

GhostRace exploits Speculative Race Conditions (SRCs) and is tracked as CVE-2024-2193. The flaw affects:

  • all major hardware makers, like Intel, AMD, ARM, and IBM
  • operating systems and other software that uses conditional branches to determine whether to enter critical regions

An SRC attack can grant hackers to access sensitive information from memory, like passwords and encryption keys.

However, exploiting CVE-2024-2193 is not an easy way to breach a system. It requires either physical access to the targeted device or obtaining privileged access.

How does GhostRace work?

In a nutshell, the paper revealed that:

all the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a Spectre-v1 attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target software.

ghostrace Speculative Race Conditions

Source – VuSec website

Race conditions appear if several threads try to access a shared resource at once. This creates flaws that hackers can exploit for:

To avoid race conditions, OSes use synchronization primitives. However, security analysis revealed that a malicious actor could use race conditions along with speculative execution, largely used technique for CPU attacks.

A proof of concept (PoC) showing step-by-step how the SRC concept works is available on GitHub, here.

As mitigation measures, the researchers suggested

a generic SRC mitigation to serialize all the affected synchronization primitives on Linux. Our mitigation requires minimal kernel changes and incurs only ≈5% geomean performance overhead on LMBench.

Source – VuSec website

Researchers notified the major hardware vendors (Intel, AMD, ARM, and IBM) and the Linux kernel regarding their findings about Speculative Race Conditions at the end of 2023. By now, all parties are aware of CVE-2024-2193.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE