GhostRace Speculative Execution Attack Impacts All CPU, OS Vendors

Published: 23/11/2024   Category: security




Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions.



Researchers at IBM and VU Amsterdam have developed a new attack that exploits speculative execution mechanisms in modern computer processors to bypass checks in operating systems against what are known as race conditions.
The attack leverages a vulnerability (CVE-2024-2193) that the researchers found affecting Intel, AMD, ARM, and IBM processors. It works against any operating system, hypervisor, and software that implements synchronization primitives — or integrated controls against race conditions. The researchers have dubbed their attack GhostRace and described it in a technical paper released this week.
"Our key finding is that all the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into speculative race conditions (SRCs)," the researchers said.
A race condition, as the researchers explain in their paper, can arise when two or more processes, or threads, try to access a shared computing resource — such as memory locations or files — at the same time. It's a relatively common cause of data corruption and of vulnerabilities that lead to memory information leaks, unauthorized access, denial of service, and security bypass.
To mitigate the issue, operating system vendors have implemented what are known as synchronization primitives in their software that control and synchronize access to shared resources. The primitives, which go by names such as mutex and spinlock, work to ensure that only one thread can access or modify a shared resource at a time.
What the researchers from IBM and VU Amsterdam discovered was a way to bypass these mechanisms by targeting the speculative execution or out-of-order processing feature in modern processors. Speculative execution basically involves a processor predicting the outcome of certain instructions and executing them ahead of time instead of executing them in the order received. The goal is to speed up processing time by having the processor work on subsequent instructions even while waiting for the result from previous instructions.
Speculative execution burst into the spotlight in 2017 when researchers discovered a way to exploit the technique to access sensitive information in system memory — such as passwords, encryption keys, and emails — and use that data for further attacks. The so-called Spectre and Meltdown vulnerabilities affected virtually every modern microprocessor and prompted a review of microprocessor architecture that in many ways is still ongoing.
As part of an effort to help microprocessor designers and other stakeholders better secure processors against vulnerabilities such as Spectre and Meltdown, MITRE in February 2024 rolled out four new common weakness enumerators (CWE) that describe and document different microprocessor weaknesses.
The attack that the IBM and VU Amsterdam researchers developed relies on conditional branch speculation similar to a type of Spectre attack. "Our key finding is that all the common (write-side) primitives (i) lack explicit serialization and (ii) guard the critical region with a conditional branch," the researchers said. In other words, they found that when the synchronization primitives use a conditional if statement to control access to a shared resource, they are vulnerable to a speculative execution attack.
"In an adversarial speculative execution environment, i.e., with a Spectre attacker mistraining the conditional branch, these primitives essentially behave like a no-op," they noted. "The security implications are significant, as an attacker can speculatively execute all the critical regions in victim software with no synchronization."
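The two properties the researchers name, shown as an added C example (not code from the paper or from any kernel): a trylock whose result feeds a conditional branch, next to a variant that adds explicit serialization after the compare-and-swap. The names `struct shared`, `spec_barrier`, `trylock_plain`, `trylock_serialized` and `read_guarded` are hypothetical, and the barrier is LFENCE on x86 with a compiler-only fallback on other targets.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* LFENCE on x86; elsewhere a compiler-only barrier (placeholder, assumption). */
static inline void spec_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

struct shared {            /* hypothetical shared object */
    atomic_int lock;       /* 0 = free, 1 = held */
    int *buf;              /* meant to be touched only while holding the lock */
};

/* Pattern from the article: the CAS result feeds a conditional branch and
   nothing serializes it, so the guard holds architecturally but a mispredicted
   branch can transiently run the region while another thread holds the lock. */
static inline bool trylock_plain(atomic_int *l) {
    int expected = 0;
    return atomic_compare_exchange_strong(l, &expected, 1);
}

/* Same primitive with explicit serialization after the CAS: on x86, later
   instructions do not start executing until the CAS outcome is known. */
static inline bool trylock_serialized(atomic_int *l) {
    int expected = 0;
    bool ok = atomic_compare_exchange_strong(l, &expected, 1);
    spec_barrier();
    return ok;
}

/* Critical region guarded by the branch on the trylock result. */
int read_guarded(struct shared *s, bool hardened) {
    bool ok = hardened ? trylock_serialized(&s->lock) : trylock_plain(&s->lock);
    if (!ok) return -1;               /* lock held elsewhere: region skipped */
    int v = s->buf ? s->buf[0] : 0;   /* the guarded access */
    atomic_store(&s->lock, 0);        /* unlock */
    return v;
}

int main(void) {
    int data[1] = {42};               /* constructed sample value */
    struct shared s = { .buf = data };
    printf("lock free: %d\n", read_guarded(&s, true));
    atomic_store(&s.lock, 1);         /* simulate another thread holding it */
    printf("lock held: %d\n", read_guarded(&s, true));
}
```

Both variants return the same values architecturally; the difference is only in what the processor may execute transiently before the branch resolves, which is why functional tests cannot tell them apart.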
In a blog post, the researchers noted that they have informed all major hardware vendors of their discovery, and the vendors have, in turn, notified all affected operating system and hypervisor vendors. All the vendors acknowledged the issue, the researchers said.
In an advisory, AMD recommended that software developers follow its previously published guidance on how to protect against Spectre-type attacks.
