New Data Leakage Attack GhostRace Discovered in Modern CPUs

Researchers have discovered a new data leakage attack called GhostRace that affects modern CPU architectures, exploiting race conditions and speculative execution to extract information from the processor, with AMD stating that existing guidance for Spectre can be used to mitigate the vulnerability.

At a glance

  • GhostRace is a new data leakage attack affecting modern CPU architectures
  • It combines speculative execution and race conditions to leak information from the target
  • Spectre attacks exploit branch prediction and speculative execution to read privileged data
  • AMD states existing guidance for Spectre can be used to mitigate GhostRace
  • A high-severity flaw in Kubernetes allows remote code execution with elevated privileges

The details

Researchers have discovered a new data leakage attack known as GhostRace that affects modern CPU architectures.

This attack, a variation of the Spectre v1 vulnerability, combines speculative execution and race conditions to leak information from the target by bypassing synchronization primitives using branch misprediction.

The Systems Security Research Group at IBM Research Europe and VUSec were behind the findings.

Spectre and GhostRace Vulnerabilities

Spectre attacks exploit branch prediction and speculative execution to read privileged data in memory, while GhostRace allows an unauthenticated attacker to extract arbitrary data from the processor using race conditions.

A race condition occurs when two or more processes access the same shared resource without proper synchronization; in GhostRace, a race of this kind is what lets an attacker read sensitive data from host memory.

Any software that implements synchronization primitives through conditional branches without a serializing instruction is vulnerable to Spectre-like attacks.
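The following is an added illustration of the pattern described above, written for this article and not taken from the GhostRace paper or from any kernel: a minimal spinlock whose acquire path ends in a conditional branch (the exit of a compare-and-swap loop), shown in its plain form and in a form that places a serializing instruction after that branch. The LFENCE used here is x86-specific; on other architectures the example deliberately falls back to a compiler barrier, which is an assumption made so the code compiles, not a substitute mitigation.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Minimal spinlock: 0 = free, 1 = held. */
typedef struct {
    atomic_int locked;
} spinlock_t;

/* A shared resource guarded by the lock. */
typedef struct {
    spinlock_t lock;
    long counter;
} guarded_counter_t;

/* Serializing instruction. On x86 this is LFENCE, which stops later
 * instructions from executing until everything before it, including the
 * branch that decided the lock was acquired, has resolved. On other
 * architectures this example degrades to a compiler barrier only, which is
 * NOT a speculation barrier; that fallback is an assumption so the example
 * compiles everywhere, not a portable mitigation. */
static inline void serializing_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Acquire implemented through a conditional branch: the loop exits, and the
 * caller enters the critical section, only when the CAS succeeds. While that
 * branch is unresolved, a mispredicting CPU may transiently run the critical
 * section as if the lock had been taken even though another CPU holds it.
 * This is the shape the article describes as exposed to speculative races. */
static void spin_lock_plain(spinlock_t *l)
{
    int expected = 0;
    while (!atomic_compare_exchange_weak_explicit(&l->locked, &expected, 1,
                                                  memory_order_acquire,
                                                  memory_order_relaxed)) {
        expected = 0; /* CAS wrote back the observed value; reset and retry */
    }
}

/* Hardened acquire: the same branch, followed by a serializing instruction
 * so nothing after the acquisition runs before the branch has resolved. */
static void spin_lock_serialized(spinlock_t *l)
{
    spin_lock_plain(l);
    serializing_barrier();
}

/* Non-blocking variant: the caller's "if (trylock) { ... }" is itself the
 * conditional branch, so the barrier sits on the success path. */
static bool spin_trylock(spinlock_t *l)
{
    int expected = 0;
    bool ok = atomic_compare_exchange_strong_explicit(&l->locked, &expected, 1,
                                                      memory_order_acquire,
                                                      memory_order_relaxed);
    if (ok)
        serializing_barrier();
    return ok;
}

static void spin_unlock(spinlock_t *l)
{
    atomic_store_explicit(&l->locked, 0, memory_order_release);
}

static bool spin_is_locked(spinlock_t *l)
{
    return atomic_load_explicit(&l->locked, memory_order_relaxed) != 0;
}

static void guarded_counter_init(guarded_counter_t *g)
{
    atomic_init(&g->lock.locked, 0);
    g->counter = 0;
}

/* Critical section: add n to the counter under the hardened lock and return
 * the new value. */
static long guarded_add(guarded_counter_t *g, long n)
{
    spin_lock_serialized(&g->lock);
    for (long i = 0; i < n; i++)
        g->counter++;
    long result = g->counter;
    spin_unlock(&g->lock);
    return result;
}
```

The architectural behaviour of both acquire paths is identical, which is why a functional test cannot distinguish them; the barrier changes only what the CPU may execute transiently between the branch and its resolution. Code review or instrumentation that flags lock fast paths lacking a serializing instruction after the acquiring branch is the practical check for this class.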

Impact on Xen and Kubernetes

AMD has stated that existing guidance for Spectre can be used to mitigate GhostRace.

GhostRace impacts the Xen open-source hypervisor, but it is not expected to pose a serious security threat.

The Xen Security Team has provided hardening patches to address the vulnerability.

In addition to the GhostRace discovery, a high-severity flaw in Kubernetes has been patched, allowing remote code execution with elevated privileges under specific circumstances.

This vulnerability permits remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster.

The flaw affects all versions of kubelet from 1.8.0 onward and was addressed in updates released on November 14, 2023. Successful exploitation could lead to a complete takeover of all Windows nodes in a cluster.

The issue arises from the use of insecure function calls and lack of user input sanitization, particularly related to Kubernetes volumes using a volume type known as local volumes.

An attacker can exploit the loophole by creating a PersistentVolume with a specially crafted path parameter in the YAML file.

The Kubernetes team opted to delete the cmd call and replace it with a native Go function to fix the vulnerability.
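To make the bug class concrete, here is an added example in C, written for this article and not Kubernetes' own code: a hypothetical volume helper that builds a link-creation command line from a caller-supplied path (the shape of the insecure call), beside a fixed version that validates the path with an allow-list and calls the native system function directly, so no shell ever interprets the input. `ln -s` stands in for the Windows `mklink` invocation, and the validation rules are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable shape: the caller-supplied path is interpolated into a command
 * line meant for a shell. This function only BUILDS the string so its
 * behaviour can be inspected; it deliberately never executes it. */
static int build_link_command_unsafe(char *out, size_t outsz,
                                     const char *target, const char *linkpath)
{
    /* Modelled on "cmd /c mklink /D <link> <target>", with ln as the stand-in. */
    return snprintf(out, outsz, "ln -s %s %s", target, linkpath);
}

/* Allow-list validation for a volume path: absolute, only [A-Za-z0-9/._-],
 * and no ".." components. Constructed rules for this example. */
static bool volume_path_is_safe(const char *p)
{
    if (p == NULL || p[0] != '/')
        return false;
    for (const char *c = p; *c; c++) {
        bool ok = (*c >= 'a' && *c <= 'z') || (*c >= 'A' && *c <= 'Z') ||
                  (*c >= '0' && *c <= '9') || *c == '/' || *c == '.' ||
                  *c == '_' || *c == '-';
        if (!ok)
            return false;
    }
    const char *s = p;
    while (*s) {
        const char *e = strchr(s, '/');
        size_t len = e ? (size_t)(e - s) : strlen(s);
        if (len == 2 && s[0] == '.' && s[1] == '.')
            return false;
        if (!e)
            break;
        s = e + 1;
    }
    return true;
}

/* Fixed shape: validate, then call the native function. No shell is involved,
 * so metacharacters in the input cannot change what gets executed. */
static int create_link_native(const char *target, const char *linkpath)
{
    if (!volume_path_is_safe(target) || !volume_path_is_safe(linkpath)) {
        errno = EINVAL;
        return -1;
    }
    return symlink(target, linkpath);
}

/* Self-check: create a link inside a private temp dir through the native
 * path and confirm it resolves to the intended target. 0 on success. */
static int native_link_roundtrip(void)
{
    char dir[] = "/tmp/pvdemo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char target[128], link[128], resolved[128];
    snprintf(target, sizeof target, "%s/data", dir);
    snprintf(link, sizeof link, "%s/pv-0", dir);
    int rc = -1;
    if (mkdir(target, 0700) == 0 && create_link_native(target, link) == 0) {
        ssize_t n = readlink(link, resolved, sizeof resolved - 1);
        if (n >= 0) {
            resolved[n] = '\0';
            rc = strcmp(resolved, target) == 0 ? 0 : -1;
        }
    }
    unlink(link);
    rmdir(target);
    rmdir(dir);
    return rc;
}
```

The unsafe builder shows why sanitization alone is fragile: any character the shell treats specially becomes a second command. Calling `symlink()` (or its Windows equivalent) directly removes the interpreter from the path entirely, and the allow-list then only has to enforce the policy the volume type actually needs.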

Furthermore, a critical security flaw was found in the end-of-life Zhejiang Uniview ISC camera model 2500-S, which is being exploited by threat actors to drop a Mirai botnet variant called NetKiller.

The Condi botnet source code was publicly released on GitHub between August 17 and October 12, 2023, raising concerns that other threat actors may be using it for malicious purposes.

Article X-ray

Facts attribution

This section links each of the article’s facts back to its original source.

If you suspect false information in the article, you can use this section to investigate where it came from.

securityweek.com
– Researchers discovered a new data leakage attack called GhostRace impacting modern CPU architectures
– GhostRace is a variation of the Spectre v1 vulnerability and combines speculative execution and race conditions
– The attack allows attackers to leak information from the target by bypassing synchronization primitives using branch misprediction
– The findings were from the Systems Security Research Group at IBM Research Europe and VUSec
– Spectre attacks exploit branch prediction and speculative execution to read privileged data in memory
– GhostRace enables an unauthenticated attacker to extract arbitrary data from the processor using race conditions
– A race condition occurs when two or more processes access the same shared resource without proper synchronization
– GhostRace allows attackers to access arbitrary sensitive data from host memory
– Any software implementing synchronization primitives through conditional branches without a serializing instruction is vulnerable to speculative race conditions (SRCs)
– AMD stated that existing guidance for Spectre is applicable to mitigate GhostRace
– The Xen open-source hypervisor is impacted by GhostRace, but it is unlikely to pose a serious security threat
– The Xen Security Team provided hardening patches to mitigate the vulnerability
thehackernews.com
– A high-severity flaw in Kubernetes was patched, allowing remote code execution with elevated privileges under specific circumstances
– The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster
– The flaw impacts all versions of kubelet from 1.8.0 onward
– The vulnerability was addressed in updates released on November 14, 2023
– Successful exploitation of the flaw could result in a complete takeover of all Windows nodes in a cluster
– The issue stems from the use of insecure function calls and lack of user input sanitization
– The flaw relates to a feature called Kubernetes volumes, specifically leveraging a volume type known as local volumes
– An attacker can exploit the loophole by creating a PersistentVolume with a specially crafted path parameter in the YAML file
– The Kubernetes team chose to delete the cmd call and replace it with a native Go function to address the vulnerability
– A critical security flaw was discovered in the end-of-life Zhejiang Uniview ISC camera model 2500-S, being exploited by threat actors to drop a Mirai botnet variant called NetKiller
– The Condi botnet source code was released publicly on GitHub between August 17 and October 12, 2023
– Other threat actors may be using the Condi botnet source code for malicious purposes