VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions | allinfosecnews.com

March 14, 2024, 3:22 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability “GhostRace", for ease of communication.

Description

Speculative execution is an optimization technique where …

architectures attacker can conditions cpu data exploit hardware may race race condition race conditions spectre speculative execution unauthenticated vulnerability vulnerable

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 2 weeks, 4 days ago | kb.cert.org

abuse access attacker baseboard management controller +17

VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 2 weeks, 5 days ago | kb.cert.org

arbitrary code arbitrary code execution attacker can +15

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 month ago | kb.cert.org

application arbitrary code attacker attackers +14

VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month, 1 week ago | kb.cert.org

arbitrary code attackers cases code +15

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month, 1 week ago | kb.cert.org

architectures attacker attacks bhi +20

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 2 weeks ago | kb.cert.org

attacks can dos fragments +6

VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 4 weeks ago | kb.cert.org

abuse application applications attacker +18

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 2 months ago | kb.cert.org

architectures attacker can conditions +13

VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months, 1 week ago | kb.cert.org

app attacks bluetooth called +11

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com