CVE-2024-2201:
First published: Wed Mar 06 2024(Updated: )
<p>This CVE was assigned by Intel. Please see <a href="https://www.cve.org/CVERecord?id=CVE-2024-2201">CVE-2024-2201</a> on CVE.org for more information.</p>
Credit: cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | ||
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2022 23H2 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Windows 11 | =23H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =22H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =21H2 | |
| Windows 11 | =23H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| debian/linux | <=5.10.223-1<=5.10.234-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 |
| debian/xen | <=4.14.6-1<=4.14.5+94-ge49571868d-1<=4.17.3+10-g091466ba55-1~deb12u1 | 4.17.5+23-ga4e5191dc0-1 4.19.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2201 (Advisory)
- https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/
- https://www.theregister.com/2024/04/10/intel_cpus_native_spectre_attacks/
- https://www.openwall.com/lists/oss-security/2024/04/09/15
- https://www.vusec.net/projects/native-bhi/
- https://download.vusec.net/papers/inspectre_sec24.pdf
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2250691
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://access.redhat.com/errata/RHSA-2024:6995
- https://access.redhat.com/errata/RHSA-2024:6994
- https://access.redhat.com/errata/RHSA-2024:8614
- https://access.redhat.com/errata/RHSA-2024:8613
- https://access.redhat.com/errata/RHSA-2024:8617
- https://bugzilla.redhat.com/show_bug.cgi?id=2268118
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201
- https://nvd.nist.gov/vuln/detail/CVE-2024-2201
- https://launchpad.net/bugs/cve/CVE-2024-2201
- https://security-tracker.debian.org/tracker/CVE-2024-2201
- https://ubuntu.com/security/CVE-2024-2201
- https://vusec.net/projects/native-bhi
- https://xenbits.xen.org/xsa/advisory-456.html
- https://www.kb.cert.org/vuls/id/155143
- https://github.com/vusec/inspectre-gadget?tab=readme-ov-file
- http://www.openwall.com/lists/oss-security/2024/04/09/15
- http://www.openwall.com/lists/oss-security/2024/05/07/7
- http://xenbits.xen.org/xsa/advisory-456.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm
Frequently Asked Questions
What is the severity of CVE-2024-2201?
CVE-2024-2201 is classified as a high severity vulnerability due to its ability to bypass multiple mitigations in place.
How do I fix CVE-2024-2201?
To fix CVE-2024-2201, you need to apply the appropriate patches provided by Microsoft for the affected software versions.
What systems are affected by CVE-2024-2201?
CVE-2024-2201 affects various Microsoft Windows versions including Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11.
Is CVE-2024-2201 a remote exploit?
CVE-2024-2201 can be exploited remotely, allowing attackers to execute unauthorized code on vulnerable systems.
What is the nature of the vulnerability in CVE-2024-2201?
CVE-2024-2201 is a cross-privilege Spectre v2 vulnerability that allows attackers to bypass existing security mitigations.
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-2201
- collector/msrc
- source/Microsoft
- collector/msrc-cve
- agent/type
- agent/software-canonical-lookup
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2022-0001
- alias/CVE-2022-0002
- collector/the-register
- source/The Register
- agent/news-ai
- agent/remedy
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- agent/weakness
- agent/title
- agent/references
- agent/trending
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- collector/nvd-cve
- agent/source
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/22h2
- canonical/microsoft windows server 2008 r2
- version/microsoft windows 10/1809
- version/microsoft windows 10/21h2
- version/microsoft windows 10/1607
- canonical/microsoft windows server 2012 r2
- canonical/microsoft windows server 2022 23h2
- canonical/microsoft windows server
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- canonical/windows 11
- version/windows 11/23h2
- version/windows 11/22h2
- version/windows 11/21h2
- canonical/microsoft windows server 2022
- package-manager/debian