CVE-2024-2201
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/12/2024
Last modified:
09/01/2025
Description
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2024/04/09/15
- http://www.openwall.com/lists/oss-security/2024/05/07/7
- http://xenbits.xen.org/xsa/advisory-456.html
- https://github.com/vusec/inspectre-gadget?tab=readme-ov-file
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm
- https://www.kb.cert.org/vuls/id/155143