GhostRace: Nearly All Processors Vulnerable to Speculative Execution Attacks

A new threat code-named GhostRace (CVE-2024-2193) has been identified by research groups from the Free University of Amsterdam and IBM Research’s European branch. This vulnerability affects the fundamental tools used to protect operating systems and could result in serious consequences such as data leakage and impairment of critical mechanisms.

GhostRace exploits the workings of modern processors, specifically their capability to predict instruction sequences. By doing so, attackers can disrupt the synchronization of an operating system’s processes to gain unauthorized access to data and execute malicious code.

The issue revolves around speculative execution, where conditions are created for the system to erroneously assume that memory has been released and is available for reuse when it is still in use. This flaw could enable the rapid extraction of information from system memory.

CVE-2024-2193 affects a wide range of devices as it impacts major processor manufacturers like Intel, AMD, ARM, and IBM, as well as operating systems using standard synchronization mechanisms.

To address this threat, researchers have proposed various mitigation strategies. AMD is focusing on leveraging existing protection methods against attacks like Spectre-V1, while Linux has taken a more intricate approach. Experts have explored ways to mitigate the risk of processor speculation without directly addressing the root cause.

As a result, the research team recommended restricting speculation within critical synchronization primitives by adding just two lines of code. These changes, which add an LFENCE instruction after LOCK CMPXCHG, result in a mere 5% increase in overhead. This slight performance trade-off is seen as a reasonable price to pay for enhancing the Linux kernel’s resilience against speculative attacks.
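A sketch of where that fence sits, as an added example (not the researchers' patch or Linux kernel code): a user-space try-lock built on LOCK CMPXCHG with LFENCE placed directly after it, so the branch on the lock result is resolved before the critical section runs. The names `demo_lock_t`, `demo_trylock`, `demo_unlock` and `guarded_increment` are hypothetical, and GCC/Clang inline assembly is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical lock type for this sketch; not the kernel's mutex or spinlock. */
typedef struct { volatile uint32_t owner; } demo_lock_t;

/* Returns 1 if the lock was taken, 0 if it was already held. */
static int demo_trylock(demo_lock_t *l)
{
    uint32_t expected = 0;              /* value meaning "unlocked" */
#if defined(__x86_64__) || defined(__i386__)
    uint32_t desired = 1;
    __asm__ __volatile__(
        "lock cmpxchgl %2, %1\n\t"      /* if (*owner == EAX) *owner = desired; else EAX = *owner */
        "lfence"                        /* later instructions wait until the cmpxchg has completed */
        : "+a"(expected), "+m"(l->owner)
        : "r"(desired)
        : "memory", "cc");
    return expected == 0;               /* EAX still 0 means the exchange succeeded */
#else
    /* Portability fallback so the sketch builds elsewhere; no speculation barrier here. */
    return __atomic_compare_exchange_n(&l->owner, &expected, 1, 0,
                                       __ATOMIC_ACQUIRE, __ATOMIC_RELAXED);
#endif
}

static void demo_unlock(demo_lock_t *l) { __atomic_store_n(&l->owner, 0, __ATOMIC_RELEASE); }

/* Critical section behind the branch that speculation would otherwise run ahead of. */
static int guarded_increment(demo_lock_t *l, int *counter)
{
    if (!demo_trylock(l))
        return 0;                       /* lock held: shared state must not be touched */
    (*counter)++;
    demo_unlock(l);
    return 1;
}

int main(void)
{
    demo_lock_t lock = { 1 };           /* constructed state: already held elsewhere */
    int counter = 0;
    int held = guarded_increment(&lock, &counter);
    demo_unlock(&lock);
    int freed = guarded_increment(&lock, &counter);
    printf("held=%d freed=%d counter=%d\n", held, freed, counter);
    return 0;
}
```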
