A new data leakage attack impacting modern CPU architectures supporting speculative execution has been discovered by a group of researchers.
Named GhostRace (CVE-2024-2193), this attack is a variation of the Spectre v1 vulnerability (CVE-2017-5753) and combines speculative execution with race conditions.
The researchers explained that “All the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a branch misprediction attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target.”
Systems Security Research Group at IBM Research Europe and VUSec made these findings, with VUSec having previously disclosed the SLAM attack targeting modern processors in December 2023.
Spectre refers to a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in the memory, bypassing isolation protections between applications.
While speculative execution is a common performance optimization technique, Spectre attacks take advantage of erroneous predictions in CPU caches.
GhostRace enables attackers to access arbitrary data from the processor using race conditions to access speculative executable code paths with a Speculative Concurrent Use-After-Free (SCUAF) attack.
A race condition occurs when multiple processes try to access the same resource simultaneously, leading to inconsistent results and creating an opportunity for malicious actions.
The research led by CERT Coordination Center (CERT/CC) described SRC vulnerabilities and their exploitation strategy.
AMD and Xen have acknowledged the vulnerability and provided mitigation advice to prevent exploitation.
