CVE-2024-2193

NameCVE-2024-2193
DescriptionA Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1vulnerable
bullseye (security)5.10.226-1vulnerable
bookworm6.1.115-1vulnerable
bookworm (security)6.1.119-1vulnerable
trixie6.12.5-1vulnerable
sid6.12.6-1vulnerable
xen (PTS)bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm4.17.3+10-g091466ba55-1~deb12u1vulnerable
trixie4.17.3+36-g54dacb5c02-1vulnerable
sid4.19.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)
xensourceexperimental4.19.0+14-g0918434e0f-1~exp1
xensourcebuster(unfixed)end-of-life
xensourcebullseye(unfixed)end-of-life
xensource(unstable)4.19.1-1

Notes

[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <end-of-life> (DSA 4677-1)
https://www.openwall.com/lists/oss-security/2024/03/12/14
https://www.vusec.net/projects/ghostrace/
https://xenbits.xen.org/xsa/advisory-453.html

Search for package or bug name: Reporting problems