CVE-2024-2193
Public on 2024-03-15
Modified on 2024-03-18
Description
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | kernel | No Fix Planned | ||
| HAQM Linux 2 - Core | kernel | 2024-04-24 | ALAS2-2024-2525 | Fixed |
| HAQM Linux 2 - Kernel-5.10 Extra | kernel | 2024-03-27 | ALAS2KERNEL-5.10-2024-053 | Fixed |
| HAQM Linux 2 - Kernel-5.15 Extra | kernel | 2024-02-29 | ALAS2KERNEL-5.15-2024-039 | Fixed |
| HAQM Linux 2 - Kernel-5.4 Extra | kernel | 2024-03-27 | ALAS2KERNEL-5.4-2024-062 | Fixed |
| HAQM Linux 2023 | kernel | 2024-02-29 | ALAS2023-2024-549 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| NVD | CVSSv3 | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N |