GhostRace: Almost no processor is protected from speculative execution attacks

Teacher

With the help of CVE-2024-2193, attackers can read out system memory at remarkable speed.

A new threat code-named GhostRace (CVE-2024-2193) has been discovered by research teams from the Free University of Amsterdam and the European branch of IBM Research. The vulnerability affects core security mechanisms of operating systems and can have serious consequences, including data leakage and the disruption of critical mechanisms.

GhostRace exploits a feature of modern processors: speculative execution, their ability to predict which instructions will run next and execute them ahead of time. By abusing it, attackers can induce faults in the synchronization of operating-system processes, gaining unauthorized access to data and running malicious code.

The problem exploits the speculative execution mechanism by creating conditions under which the system mistakenly treats memory as already freed and available for reuse while it is in fact still in use. The defect lets an attacker extract information from system memory at an unexpectedly high rate.

CVE-2024-2193 affects a wide range of devices, since it concerns all major processor vendors (Intel, AMD, ARM, IBM) and every operating system that relies on standard synchronization mechanisms.

The researchers also proposed countermeasures. AMD pointed to existing protections against Spectre-v1 style attacks, while the Linux response was more multifaceted: experts looked for ways to avoid the risk of processor overhead without directly addressing the root of the problem.

In the end, the research team recommended serializing speculative execution inside the most important synchronization primitives, which takes just two lines of code. These changes, including adding an lfence instruction after the lock cmpxchg operation, add only 5% overhead. A small performance penalty seems a reasonable price for stronger protection of the Linux kernel against speculative attacks.
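As an added illustration (not the researchers' or the kernel's code) of what the mitigation in the last two paragraphs means in practice, here is a hypothetical minimal spinlock whose acquire path mirrors the lock cmpxchg pattern, once without and once with the serializing lfence; the type and function names are assumptions.

```c
/* Hypothetical minimal spinlock (not the kernel's code) illustrating the
 * mitigation described above: the lock is taken with a compare-and-swap
 * (lock cmpxchg on x86) and, in the hardened variant, a serializing lfence
 * follows it so the CPU cannot speculatively run the critical section
 * before the outcome of the CAS is architecturally known. */
typedef struct { volatile int locked; } spec_lock_t;

/* Speculation barrier: lfence on x86. On other targets a full fence is used
 * as a stand-in; that substitution is an assumption made for this example. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __atomic_thread_fence(__ATOMIC_SEQ_CST);
#endif
}

/* Unmitigated acquire: the CAS alone. Architecturally correct, but a
 * mispredicted branch on its result lets the critical section execute
 * speculatively even when the lock was not obtained. */
static inline int try_lock_unmitigated(spec_lock_t *l) {
    int expected = 0;
    return __atomic_compare_exchange_n(&l->locked, &expected, 1, 0,
                                       __ATOMIC_ACQUIRE, __ATOMIC_RELAXED);
}

/* Mitigated acquire: same CAS, followed by the barrier the text describes. */
static inline int try_lock_mitigated(spec_lock_t *l) {
    int ok = try_lock_unmitigated(l);
    speculation_barrier();  /* the "lfence after lock cmpxchg" line */
    return ok;
}

static inline void spec_unlock(spec_lock_t *l) {
    __atomic_store_n(&l->locked, 0, __ATOMIC_RELEASE);
}

/* Checks the contract both variants share: a second acquire fails while the
 * lock is held and succeeds again after release. Returns 1 on success. */
int lock_contract_ok(void) {
    spec_lock_t l = { 0 };
    if (!try_lock_mitigated(&l)) return 0;
    if (try_lock_mitigated(&l)) return 0;    /* already held */
    if (try_lock_unmitigated(&l)) return 0;  /* still held */
    spec_unlock(&l);
    return try_lock_mitigated(&l);
}

int main(void) { return lock_contract_ok() ? 0 : 1; }
```

The barrier does not change the lock's architectural behaviour, which is why the check passes for both variants; its only effect is to stop the critical section from running under speculation on a mispredicted acquire.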