GhostRace: New Attack Bypasses OS Security

A new threat, codenamed GhostRace (CVE-2024-2193), has been identified by research teams from the Vrije Universiteit Amsterdam and IBM Research Europe. This vulnerability compromises the foundational security tools of operating systems and may result in severe consequences, including data breaches and disruption of critical mechanisms.

GhostRace exploits the speculative execution capabilities of modern processors, allowing attackers to induce synchronization errors within the operating system’s processes in order to gain unauthorized access to data and run malicious code.

The issue leverages the speculative execution mechanism, creating scenarios where the system might erroneously believe memory has been freed and is available for reuse, while it is still occupied. This flaw enables the extraction of information from system memory at an unexpectedly rapid pace.


CVE-2024-2193 affects a broad spectrum of devices as it pertains to all major processor manufacturers (Intel, AMD, ARM, IBM) and operating systems that utilize standard synchronization mechanisms.

The researchers also proposed strategies to combat this threat. AMD relied on its existing protective measures against Spectre-v1-style attacks, whereas Linux’s response was more multifaceted: its maintainers sought to mitigate the risk of processor overload rather than directly addressing the root of the problem.

Ultimately, the research team recommended serializing speculative execution within the critical synchronization primitives, which requires adding merely two lines of code. These adjustments, namely inserting an lfence instruction directly after the lock cmpxchg operation, add roughly 5% overhead. A slight degradation in performance appears to be a reasonable price for significantly stronger protection of the Linux kernel against speculative attacks.
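As an added illustration, not code from the article or from the researchers, the following hypothetical user-space spinlock shows the unhardened acquire path beside the hardened one, with the lfence placed right after the compare-exchange as the article describes; the threaded workload only checks that both locks are functionally correct, since the fence's effect on speculation is not observable at the language level.

```c
#include <pthread.h>
#include <sched.h>
#include <stdint.h>
/* Hypothetical user-space spinlock for illustration, not the Linux kernel's own
 * code. On x86, __atomic_compare_exchange_n compiles to the "lock cmpxchg"
 * instruction the article refers to. */
typedef struct { uint32_t locked; } spinlock_t;
static int cas_acquire(spinlock_t *l) {
    uint32_t expected = 0;
    return __atomic_compare_exchange_n(&l->locked, &expected, 1, 0,
                                       __ATOMIC_ACQUIRE, __ATOMIC_RELAXED);
}
/* Unhardened acquire: architecturally correct, but the core may speculatively
 * run the critical section before the cmpxchg outcome is known. */
static void spin_lock_plain(spinlock_t *l) {
    while (!cas_acquire(l)) sched_yield();
}
/* Hardened acquire (the researchers' proposed fix): an lfence directly after
 * the lock cmpxchg keeps younger instructions from executing until the
 * compare-exchange has resolved, closing the speculative window. */
static void spin_lock_serialized(spinlock_t *l) {
    while (!cas_acquire(l)) sched_yield();
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __atomic_thread_fence(__ATOMIC_SEQ_CST); /* non-x86 fallback, not lfence */
#endif
}
static void spin_unlock(spinlock_t *l) { __atomic_store_n(&l->locked, 0, __ATOMIC_RELEASE); }
/* Constructed workload: N threads each bump a shared counter ITERS times under
 * the chosen lock; a correct lock yields exactly N * ITERS. */
enum { N = 4, ITERS = 20000 };
static spinlock_t g_lock; static long g_counter; static int g_serialized;
static void *worker(void *arg) {
    (void)arg;
    for (int i = 0; i < ITERS; i++) {
        if (g_serialized) spin_lock_serialized(&g_lock);
        else spin_lock_plain(&g_lock);
        g_counter++;
        spin_unlock(&g_lock);
    }
    return 0;
}
long run_contended(int serialized) {
    pthread_t t[N];
    g_counter = 0; g_lock.locked = 0; g_serialized = serialized;
    for (int i = 0; i < N; i++) pthread_create(&t[i], 0, worker, 0);
    for (int i = 0; i < N; i++) pthread_join(t[i], 0);
    return g_counter;
}
```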