New GhostRace Vulnerability In CPUs May Leak Data

Another security vulnerability has been found in the modern CPUs supporting speculative execution. Identified as “GhostRace”, the vulnerability is a Spectre variant that combines with race condition, exposing data to an adversary.

GhostRace Vulnerability Impacts Most Modern Processors

Researchers from the VUSec group at VU Amsterdam and the Systems Security Research Group at IBM Research Europe have disclosed the details about the newly discovered GhostRace vulnerability threatening most contemporary processors.

Specifically, they identified a speculative execution vulnerability (CVE-2024-2193) – a Spectre variant – exploiting which allows an unauthenticated attacker to access sensitive data.

The researchers demonstrated how the existing synchronization primitives, which operating system apply to prevent race conditions, can be bypassed on speculatively executed code paths, “turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs).”

Describing the SRCs, the researchers stated,

While the effects of SRCs are not visible at the architectural level (e.g., no crashes or deadlocks), due to the transient nature of speculative execution, a Spectre attacker can still observe their microarchitectural effects via side channels. As result, any SRC breaking security invariants can ultimately lead to Spectre gadgets disclosing victim data to the attacker.

For this, they focused on Speculative Concurrent Use-After-Free (SCUAF) information disclosure attacks, exploiting the flaw against over 1200 Linux devices, leaking arbitrary kernel memory at a rate of 12 KB/s.

Regarding the affected software, the researchers explain that “any operating system, hypervisor, synchronization primitives through conditional branches without any serializing instruction on that path and running on any microarchitecture (e.g., x86, ARM, RISC-V, etc.)” is vulnerable to SRCs. Whereas, for the vulnerable hardware, the researchers mention all existing microarchitectures that are vulnerable to Spectre v1, as susceptible to GhostRace.

Users Urged To Patch Their Systems Soon

To address this vulnerability, the researchers propose a generic SRC mitigation to serialize all synchronization primitives. It requires minimal kernel changes and has least performance impact.

Following this discovery, the researchers responsibly disclosed the matter to all hardware vendors (Intel, AMD, ARM, and IBM) and the Linux kernel developers. These vendors further intimated other software vendors to address the matter, while AMD assured that the existing Spectre v1 mitigations apply to GhostRace as well. However, Linux kernel developers haven’t adequately addressed the matter yet.

The researchers have elaborated on their findings in a research paper scheduled for publication at the 33rd USENIX Security Symposium 2024. In addition, they have shared the PoC, the gadget scanner, and other details on a dedicated web page.

Besides, a CERT Coordination Center (CERT/CC) advisory also highlights this vulnerability as a recent security threat targeting the processors. CERT also advised users to update their systems with recent software updates from the respective vendors to receive the patches for this flaw.

Before GhostRace, the same researchers also disclosed the SLAM attack affecting most CPUs, which the vendors patched accordingly following the vulnerability disclosure.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients