CVE-2024-2201 | THREATINT

Description

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

PUBLISHED Reserved 2024-03-05 | Published 2024-12-19 | Updated 2025-01-09 | Assigner certcc

Problem types

CWE-1423

Product status

See advisory "x86: Native Branch History Injection"

affected

References

www.kb.cert.org/vuls/id/155143

github.com/vusec/inspectre-gadget?tab=readme-ov-file

www.openwall.com/lists/oss-security/2024/04/09/15

www.openwall.com/lists/oss-security/2024/05/07/7

xenbits.xen.org/xsa/advisory-456.html

lists.fedoraproject.org/...6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/

lists.fedoraproject.org/...D5OK6MH75S7YWD34EWW7QIZTS627RIE3/

lists.fedoraproject.org/...RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/

www.intel.com/...isory-guidance/branch-history-injection.htm

cve.org (CVE-2024-2201)

nvd.nist.gov (CVE-2024-2201)

Download JSON